Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-24 | CVE-2021-20543 | Injection vulnerability in IBM Jazz Team Server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. | 3.5 |
| 2022-06-23 | CVE-2022-32534 | Injection vulnerability in Bosch Pra-Es8P2S Firmware The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. | 10.0 |
| 2022-06-14 | CVE-2021-40658 | Injection vulnerability in Textpattern 4.8.7 Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”. | 3.5 |
| 2022-06-06 | CVE-2022-29631 | Injection vulnerability in Jodd Http Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. | 5.0 |
| 2022-06-03 | CVE-2022-26134 | Injection vulnerability in Atlassian Confluence Data Center In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | 7.5 |
| 2022-06-03 | CVE-2022-32269 | Injection vulnerability in Realnetworks Realplayer 20.0.8.310 In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). | 7.5 |
| 2022-06-02 | CVE-2020-28246 | Injection vulnerability in Form Form.Io 2.0.0 A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. | 7.5 |
| 2022-05-18 | CVE-2022-30991 | Injection vulnerability in Acronis Cyber Protect 15 HTML injection via report name. | 4.3 |
| 2022-05-18 | CVE-2022-23068 | Injection vulnerability in Tooljet ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail. | 3.5 |
| 2022-05-11 | CVE-2022-22975 | Injection vulnerability in VMWare Pinniped An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. | 6.0 |