Filtered by vendor Inetsoftware
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-28150 | 1 Inetsoftware | 1 I-net Clear Reports | 2021-03-12 | 5.8 MEDIUM | 6.1 MEDIUM |
I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect. | |||||
CVE-2020-12684 | 1 Inetsoftware | 1 I-net Clear Reports | 2020-07-22 | 7.5 HIGH | 9.8 CRITICAL |
XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser. | |||||
CVE-2020-11431 | 1 Inetsoftware | 3 Clear Reports, Helpdesk, Pdfc | 2020-05-12 | 6.4 MEDIUM | 9.1 CRITICAL |
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal. |