Filtered by vendor Pentaho
Subscriptions
Filtered by product Bi Server
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-5099 | 1 Pentaho | 1 Bi Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter. | ||||
| CVE-2009-5100 | 1 Pentaho | 1 Bi Server | 2025-04-11 | N/A |
| Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password. | ||||
| CVE-2009-5101 | 1 Pentaho | 1 Bi Server | 2025-04-11 | N/A |
| Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic. | ||||
Page 1 of 1.