Every CVE whose affected-product data names Dundas Dundas Bi, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2018-18569 — CVSS 8.6 (high): The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary…
CVE-2020-28408 — CVSS 5.4 (medium): The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard.
CVE-2020-28409 — CVSS 5.4 (medium): The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc…