reportico-web/reportico
Packagist: 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting reportico-web/reportico
- CVE-2023-46925 | MEDIUM | CVSS 4.8 | EG 4.8 | 2023-11-02
vulnerable: 4.6 ... 7.1.9-alpha (50 versions)
Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).
- CVE-2023-47438 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-03-27
vulnerable: 4.6 ... 8.1.0 (75 versions)
SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter.
- CVE-2023-48865 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-11
vulnerable: 4.6 ... 8.1.0 (75 versions)
An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL.
- CVE-2024-31556 | HIGH | CVSS 7.8 | EG 6.5 | 2024-05-14
vulnerable: 4.6 ... 8.1.0 (75 versions)
An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function.