Vulnerabilities > Beego > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-14 | CVE-2021-39391 | Cross-site Scripting vulnerability in Beego 2.0.1 Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page. | 6.1 |
| 2019-09-16 | CVE-2019-16355 | Incorrect Default Permissions vulnerability in Beego 1.10.0 The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. | 5.5 |
| 2019-09-16 | CVE-2019-16354 | Incorrect Permission Assignment for Critical Resource vulnerability in Beego 1.10.0 The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions. | 4.7 |