Ocsinventory-ng Ocsinventory Ng — known CVE vulnerabilities
Every CVE whose affected-product data names Ocsinventory-ng Ocsinventory Ng, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2018-14473 — CVSS 9.1 (critical): OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an…
CVE-2018-12482 — CVSS 8.8 (high): OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.
CVE-2018-12483 — CVSS 8.8 (high): OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the…
CVE-2018-15537 — CVSS 8.8 (high): Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server…
CVE-2018-1000558 — CVSS 6.5 (medium): OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can…
CVE-2018-1000557 — CVSS 6.1 (medium): OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search…
CVE-2014-4722 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject…