← Back

Petereport Project

petereport_project

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Petereport
petereport
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-25220
1Petereport Project
1Petereport
Jun 17, 2026
Mar 3, 2022
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding.
CVE-2022-23052
1Petereport Project
1Petereport
Jun 17, 2026
Mar 3, 2022
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application.
CVE-2022-23051
1Petereport Project
1Petereport
Jun 17, 2026
Mar 3, 2022
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter.