Syslifters

Sysreptor

5 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.16%
  • Published 08.05.2026 21:59:12
  • Last modified 13.05.2026 16:49:32

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" ...

  • EPSS 0.19%
  • Published 08.05.2026 21:57:51
  • Last modified 13.05.2026 16:49:32

SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly authorized. This allows authenticated attackers who o...

  • EPSS 0.16%
  • Published 04.12.2025 22:27:52
  • Last modified 11.12.2025 21:16:21

SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploadin...

  • EPSS 0.31%
  • Published 27.09.2025 01:15:44
  • Last modified 11.12.2025 21:18:59

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify...

  • EPSS 0.25%
  • Published 19.05.2024 20:15:07
  • Last modified 11.12.2025 21:22:18

Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 allows attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser se...