Progress Telerik Reporting vulnerabilities
14 known vulnerabilities affecting progress/telerik_reporting.
Total CVEs
14
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH9MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2017-9140P3MEDIUMCVSS 6.1PoCfixed in 11.0.17.4062017-05-22
CVE-2017-9140 [MEDIUM] CWE-79 CVE-2017-9140: Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting f
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
nvd
CVE-2024-6096P3CRITICALCVSS 9.8fixed in 18.1.24.7092024-07-24
CVE-2024-6096 [CRITICAL] CWE-470 CVE-2024-6096: In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible t
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
nvd
CVE-2024-1856P3HIGHCVSS 8.8fixed in 18.0.24.1302024-03-20
CVE-2024-1856 [HIGH] CWE-502 CVE-2024-1856: In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.
nvd
CVE-2024-8014P3HIGHCVSS 8.8fixed in 18.2.24.9242024-10-09
CVE-2024-8014 [HIGH] CWE-470 CVE-2024-8014: In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is po
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
nvd
CVE-2024-7293P3HIGHCVSS 8.8fixed in 10.2.24.8062024-10-09
CVE-2024-7293 [HIGH] CWE-521 CVE-2024-7293: In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcin
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
nvd
CVE-2024-4202P3HIGHCVSS 8.6fixed in 18.1.24.5142024-05-15
CVE-2024-4202 [HIGH] CWE-94 CVE-2024-4202: In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
nvd
CVE-2024-1801P3HIGHCVSS 7.8fixed in 18.0.24.1302024-03-20
CVE-2024-1801 [HIGH] CWE-502 CVE-2024-1801: In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
nvd
CVE-2024-0832P3HIGHCVSS 7.8fixed in 18.0.24.1302024-01-31
CVE-2024-0832 [HIGH] CWE-269 CVE-2024-0832: In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identif
In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating s
nvd
CVE-2024-7840P3HIGHCVSS 7.8≤ 18.2.24.9242024-10-09
CVE-2024-7840 [HIGH] CWE-77 CVE-2024-7840: In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
nvd
CVE-2024-8048P3HIGHCVSS 7.8fixed in 18.2.24.9242024-10-09
CVE-2024-8048 [HIGH] CWE-470 CVE-2024-8048: In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is po
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.
nvd
CVE-2024-4200P3HIGHCVSS 7.8fixed in 18.1.24.5142024-05-15
CVE-2024-4200 [HIGH] CWE-502 CVE-2024-4200: In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack i
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
nvd
CVE-2024-4357P3MEDIUMCVSS 6.5fixed in 10.1.24.5142024-05-15
CVE-2024-4357 [MEDIUM] CWE-611 CVE-2024-4357: An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (1
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing.
nvd
CVE-2024-7294P4MEDIUMCVSS 6.5fixed in 10.2.24.8062024-10-09
CVE-2024-7294 [MEDIUM] CWE-400 CVE-2024-7294: In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is p
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
nvd
CVE-2024-6097P4MEDIUMCVSS 5.3fixed in 19.0.25.2112025-02-12
CVE-2024-6097 [MEDIUM] CWE-36 CVE-2024-6097: In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is p
In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.
nvd