← Back

Quadbase

quadbase

6 CVEs • 4 products

Products (4)

Click to collapse
Toggle
Espressreports Es
espressreports_es
2 CVEs
Espressdashboard
espressdashboard
2 CVEs
Espressreport Es
espressreport_es
1 CVE
Espressreport Enterprise Server
espressreport_enterprise_server
1 CVE

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-24985
1Quadbase
1Espressdashboard
Jun 17, 2026
Mar 15, 2021
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute extern...Show more
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads.Show less
CVE-2020-24982
1Quadbase
1Espressdashboard
Jun 17, 2026
Mar 15, 2021
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account.
CVE-2020-24984
1Quadbase
1Espressreports Es
Jun 17, 2026
Mar 11, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server.
CVE-2020-24983
1Quadbase
1Espressreports Es
Jun 17, 2026
Mar 11, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. Th...Show more
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated request (to change the Dashboard name) as if the victim had done so themselves, aka CSRF.Show less
CVE-2019-9958
1Quadbase
1Espressreport Enterprise Server
Jun 17, 2026
Jun 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, u...Show more
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests.Show less
CVE-2019-9957
1Quadbase
1Espressreport Es
Jun 17, 2026
Jun 24, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new...Show more
Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload can then be triggered by accessing the "Set Security Levels" or "View User/Group Relationships" page. If the attacker does not currently have permission to create a new user, another vulnerability such as CSRF must be exploited first.Show less