youseries/ureport

youseries/ureport

Releases9

Frequency4 weeks 2 days

Last Release almost 8 years ago

Stars2.16K

UReport2 is a high-performance pure Java report engine based on Spring architecture, where complex Chinese-style statements and reports can be prepared by iterating over cells.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-24187 ↗	Feb 14, 2023Tuesday, 14 February 2023, 02:15	7.8 HIGH	—
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
CVE-2023-24188 ↗	Feb 13, 2023Monday, 13 February 2023, 20:15	9.1 CRITICAL	—
ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.
CVE-2020-21122 ↗	Sep 15, 2021Wednesday, 15 September 2021, 17:15	5.3 MEDIUM	5 MEDIUM
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
CVE-2020-21124 ↗	Sep 15, 2021Wednesday, 15 September 2021, 17:15	9.8 CRITICAL	7.5 HIGH
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
CVE-2020-21125 ↗	Sep 15, 2021Wednesday, 15 September 2021, 17:15	9.8 CRITICAL	7.5 HIGH
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.