CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2583 – Code Injection in jsreport/jsreport
https://notcve.org/view.php?id=CVE-2023-2583
08 May 2023 — Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. • https://github.com/jsreport/jsreport/commit/afaff3804b34b38e959f5ae65f9e672088de13d7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-8128
https://notcve.org/view.php?id=CVE-2020-8128
14 Feb 2020 — An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. Unas vulnerabilidades de requerimiento no deseado y de tipo server-side request forgery en jsreport versión 2.5.0 y anteriores, permiten a atacantes ejecutar código arbitrario. • https://hackerone.com/reports/660565 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere CWE-918: Server-Side Request Forgery (SSRF) •