eramba 漏洞與 CVE 列表(10)

產品(CPE): — CVE 數: 10

eramba 漏洞概覽

彙總 eramba 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

常見弱點模式包括 跨站腳本與輸入驗證問題,在 生產負載與軟體部署 使用場景中可能帶來 工作階段劫持與異常行為 等風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 11010 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2025-55462 A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticated cross-origin requests against the Eramba API, including endpoints like /system-api/login and /system-api/user/me. The response includes sensitive user session data (ID, name, email, access groups), wh [email protected] 6.5 0.37% 2026-01-13 2026-06-17
CVE-2023-36255 An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL. [email protected] 8.8 57.36% 2023-08-02 2026-06-17
CVE-2022-43342 A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. [email protected] 5.4 0.48% 2022-11-14 2026-06-17
CVE-2020-28031 eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. [email protected] 4.3 0.62% 2020-11-02 2026-06-16
CVE-2020-25105 eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities). [email protected] 9.8 1.07% 2020-09-03 2026-06-16
CVE-2020-25104 eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension. [email protected] 5.4 0.58% 2020-09-03 2026-06-16
CVE-2018-7997 Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript. [email protected] 6.1 0.62% 2018-03-09 2026-06-16
CVE-2018-7996 Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter. [email protected] 6.1 0.68% 2018-03-09 2026-06-16
CVE-2018-7894 Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advanced_filter parameter (aka the Search Parameter). [email protected] 6.1 0.68% 2018-03-09 2026-06-16
CVE-2018-7741 Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI. [email protected] 6.1 0.68% 2018-03-07 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence