Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-06-19 | CVE-2020-13262 | Injection vulnerability in Gitlab | Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | 6.1 |
2020-06-19 | CVE-2016-11068 | Injection vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 3.2.0. | 5.3 |
2020-06-19 | CVE-2020-9495 | Injection vulnerability in Apache Archiva | Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. | 5.3 |
2020-06-19 | CVE-2017-18900 | Injection vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | 9.8 |
2020-06-19 | CVE-2018-21258 | Injection vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 5.1. | 7.5 |
2020-06-04 | CVE-2019-16385 | Injection vulnerability in Cybelesoft Thinfinity Virtualui | Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. | 6.1 |
2020-05-14 | CVE-2020-5574 | Injection vulnerability in Sixapart Movable Type | HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors. | 5.3 |
2020-05-12 | CVE-2020-6245 | Injection vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 | SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers. | 6.7 |
2020-05-11 | CVE-2020-12790 | Injection vulnerability in Nystudio107 Seomatic | In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. | 7.5 |
2020-05-07 | CVE-2020-11056 | Injection vulnerability in Barrelstrengthdesign Sprout Forms | In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. | 6.3 |