Petereport Project: >> Petereport Security Vulnerabilities
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-03-03
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-03-03
PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-03-03