Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated request (to change the Dashboard name) as if the victim had done so themselves, aka CSRF.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Quadbase EspressReports ES 跨站请求伪造漏洞
Vulnerability Description
Quadbase EspressReports ES是美国 (Quadbase)公司的一个应用软件。提供了一些特殊的报告和查询功能,使用户可以通过零客户端浏览器界面创建各种查询和报告。 Quadbase EspressReports ES 7 Update 9 存在跨站请求伪造漏洞,攻击者可利用该漏洞可以创建一个恶意的HTML文件。
CVSS Information
N/A
Vulnerability Type
N/A