Inetsoftware

inetsoftware

3 CVEs • 4 products

Products (4)

Click to collapse

Toggle

I Net Clear Reports

i-net_clear_reports

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-28150 1Inetsoftware 1I Net Clear Reports Nov 21, 2024 Mar 9, 2021 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect.
CVE-2020-12684 1Inetsoftware 1I Net Clear Reports Nov 21, 2024 Jul 15, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML p...Show more XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser.Show less
CVE-2020-11431 1Inetsoftware 3Clear Reports HelpdeskPdfc Nov 21, 2024 May 7, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via D...Show more The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal.Show less