ocsinventory-ng ocs_inventory_server CVE Vulnerabilities (2)

CVEs: 2 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting ocsinventory-ng ocs_inventory_server (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 12 of 2 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-22675 OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitization and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authe [email protected] 5.1 0.22% 2026-04-06 2026-07-14
CVE-2018-14857 Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. [email protected] 8.8 3.69% 2018-08-06 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence