← Back

Ocs Inventory Server

ocs_inventory_server

Vendor: Ocsinventory Ng • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-22675
1Ocsinventory Ng
1Ocs Inventory Server
May 26, 2026
Apr 6, 2026
5.1 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers t...Show more
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitization and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard.Show less
CVE-2018-14857
1Ocsinventory Ng
1Ocs Inventory Server
Nov 21, 2024
Aug 6, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a te...Show more
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.Show less