Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2021-20543 Injection vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection.
network
ibm CWE-74
3.5
2022-06-23 CVE-2022-32534 Injection vulnerability in Bosch Pra-Es8P2S Firmware
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface.
network
low complexity
bosch CWE-74
critical
10.0
2022-06-14 CVE-2021-40658 Injection vulnerability in Textpattern 4.8.7
Textpattern 4.8.7 is affected by an HTML injection vulnerability through “Content>Write>Body”.
3.5
2022-06-06 CVE-2022-29631 Injection vulnerability in Jodd Http
Jodd HTTP v6.0.9 was discovered to contain multiple CRLF injection vulnerabilities via the components jodd.http.HttpRequest#set and jodd.http.HttpRequest#send.
network
low complexity
jodd CWE-74
5.0
2022-06-03 CVE-2022-26134 Injection vulnerability in Atlassian Confluence Data Center
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
network
low complexity
atlassian CWE-74
7.5
2022-06-03 CVE-2022-32269 Injection vulnerability in Realnetworks Realplayer 20.0.8.310
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core).
network
low complexity
realnetworks CWE-74
7.5
2022-06-02 CVE-2020-28246 Injection vulnerability in Form Form.Io 2.0.0
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0.
network
low complexity
form CWE-74
7.5
2022-05-18 CVE-2022-30991 Injection vulnerability in Acronis Cyber Protect 15
HTML injection via report name.
network
acronis CWE-74
4.3
2022-05-18 CVE-2022-23068 Injection vulnerability in Tooljet
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection, where an attacker can inject malicious code inside the first name and last name fields while inviting a new user, which will be reflected in the invitational e-mail.
network
tooljet CWE-74
3.5
2022-05-11 CVE-2022-22975 Injection vulnerability in VMWare Pinniped
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources.
network
vmware CWE-74
6.0