Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-06 | CVE-2023-6458 | Injection vulnerability in Mattermost Server Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal. | 9.8 |
| 2023-12-06 | CVE-2023-22522 | Injection vulnerability in Atlassian Confluence Server This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. | 8.8 |
| 2023-11-27 | CVE-2023-35075 | Injection vulnerability in Mattermost Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. | 5.4 |
| 2023-11-23 | CVE-2023-49214 | Injection vulnerability in Usedesk Usedesk before 1.7.57 allows chat template injection. | 9.8 |
| 2023-11-20 | CVE-2023-5340 | Injection vulnerability in Fivestarplugins Five Star Restaurant Menu The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. | 9.8 |
| 2023-11-20 | CVE-2022-46337 | Injection vulnerability in Apache Derby A cleverly devised username might bypass LDAP authentication checks. | 9.8 |
| 2023-11-16 | CVE-2023-6174 | Injection vulnerability in multiple products SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file | 6.5 |
| 2023-11-15 | CVE-2023-48199 | Injection vulnerability in Grocy Project Grocy 4.0.3 HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. | 7.8 |
| 2023-11-03 | CVE-2023-4767 | Injection vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2023-11-01 | CVE-2023-4197 | Injection vulnerability in Dolibarr Erp/Crm Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. | 8.8 |