彙總 quadbase 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 CSRF、跨站腳本與檔案包含 相關,可能在 生產負載與軟體部署 場景中帶來 檔案覆寫與未授權存取 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2020-24985 | An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads. | [email protected] | 8.1 | 1.10% | 2021-03-15 | 2026-06-16 |
| CVE-2020-24982 | An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account. | [email protected] | 4.3 | 0.45% | 2021-03-15 | 2026-06-16 |
| CVE-2020-24984 | An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server. | [email protected] | 8.8 | 0.56% | 2021-03-11 | 2026-06-16 |
| CVE-2020-24983 | An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated request (to change the Dashboard name) as if the victim had done so themselves, aka CSRF. | [email protected] | 8.8 | 0.64% | 2021-03-11 | 2026-06-16 |
| CVE-2019-9958 | CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests. | [email protected] | 8.8 | 0.78% | 2019-06-24 | 2026-06-16 |
| CVE-2019-9957 | Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload can then be triggered by accessing the "Set Security Levels" or "View User/Group Relationships" page. If the attacker does not currently have permission to create a new user, another vulnerability such | [email protected] | 5.4 | 0.82% | 2019-06-24 | 2026-06-16 |