Quadbase: >> Espressdashboard Security Vulnerabilities
An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-03-15
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads.
CVSS Score
8.1
EPSS Score
0.004
Published
2021-03-15