CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2583 – Code Injection in jsreport/jsreport
https://notcve.org/view.php?id=CVE-2023-2583
08 May 2023 — Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. • https://github.com/jsreport/jsreport/commit/afaff3804b34b38e959f5ae65f9e672088de13d7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2020-7763 – Arbitrary File Read
https://notcve.org/view.php?id=CVE-2020-7763
05 Nov 2020 — This affects the package phantom-html-to-pdf before 0.6.1. Esto afecta al paquete phantom-html-to-pdf versiones anteriores a 0.6.1 • https://github.com/ossf-cve-benchmark/CVE-2020-7763 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7762 – Arbitrary File Read
https://notcve.org/view.php?id=CVE-2020-7762
05 Nov 2020 — This affects the package jsreport-chrome-pdf before 1.10.0. Esto afecta al paquete jsreport-chrome-pdf versiones anteriores a 1.10.0 • https://github.com/jsreport/jsreport-chrome-pdf/commit/6750b2f77d05cb843aefc1c4a98097a3bd33a6a2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-8128
https://notcve.org/view.php?id=CVE-2020-8128
14 Feb 2020 — An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. Unas vulnerabilidades de requerimiento no deseado y de tipo server-side request forgery en jsreport versión 2.5.0 y anteriores, permiten a atacantes ejecutar código arbitrario. • https://hackerone.com/reports/660565 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere CWE-918: Server-Side Request Forgery (SSRF) •