CVE-2025-66561
- EPSS 0.04%
- Published 04.12.2025 22:27:52
- Last modified 11.12.2025 21:16:21
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploadin...
CVE-2025-59945
- EPSS 0.03%
- Published 27.09.2025 01:15:44
- Last modified 11.12.2025 21:18:59
SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify...
CVE-2024-36076
- EPSS 0.4%
- Published 19.05.2024 20:15:07
- Last modified 11.12.2025 21:22:18
Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser se...