Aggregates CVE and security vulnerability intelligence across all vermeg-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk cross-site scripting and vendor risk xxe, with potential vendor impact session compromise across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-34834 | An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log. | [email protected] | 4.8 | 0.36% | 2023-10-27 | 2024-11-21 |
| CVE-2022-34833 | An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component. | [email protected] | 5.4 | 0.36% | 2023-10-27 | 2024-11-21 |
| CVE-2022-34832 | An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component. | [email protected] | 6.5 | 0.66% | 2023-10-27 | 2024-11-21 |