Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-24 | CVE-2020-13942 | Injection vulnerability in Apache Unomi 1.5.0/1.5.1. It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. | 9.8 |
2020-11-18 | CVE-2020-26081 | Injection vulnerability in Cisco IOT Field Network Director. Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. | 6.1 |
2020-11-18 | CVE-2020-26884 | Injection vulnerability in RSA Archer. RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. | 6.1 |
2020-11-16 | CVE-2020-27627 | Injection vulnerability in Jetbrains Teamcity. JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. | 6.1 |
2020-11-02 | CVE-2020-28031 | Injection vulnerability in Eramba 2.8.1. eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. | 4.3 |
2020-10-21 | CVE-2020-3561 | Injection vulnerability in Cisco Firepower Threat Defense. A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. | 4.7 |
2020-10-16 | CVE-2020-15252 | Injection vulnerability in Xwiki. In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. | 8.8 |
2020-10-07 | CVE-2020-25768 | Injection vulnerability in Contao. Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. | 5.3 |
2020-09-30 | CVE-2020-26137 | Injection vulnerability in multiple products. urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). | 6.5 |
2020-09-30 | CVE-2020-21523 | Injection vulnerability in Halo 1.1.3. A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 in the Edit Theme File function. | 9.8 |