Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-12 | CVE-2019-1010310 | Injection vulnerability in Glpi-Project Glpi 9.3.1 GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. | 3.5 |
| 2019-07-10 | CVE-2019-0319 | Injection vulnerability in SAP Gateway and UI5 The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. | 7.5 |
| 2019-07-09 | CVE-2019-13146 | Injection vulnerability in Field Test Project Field Test 0.3.0 The field_test gem 0.3.0 for Ruby has unvalidated input. | 5.3 |
| 2019-06-29 | CVE-2016-10761 | Injection vulnerability in Logitech products Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. | 6.5 |
| 2019-06-26 | CVE-2019-12966 | Injection vulnerability in Fehelper Project Fehelper 20190619 FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input. | 9.8 |
| 2019-06-17 | CVE-2019-8323 | Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 7.5 |
| 2019-06-17 | CVE-2019-8322 | Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 7.5 |
| 2019-06-17 | CVE-2019-8325 | Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 7.5 |
| 2019-06-12 | CVE-2019-0304 | Injection vulnerability in SAP products FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. | 9.8 |
| 2019-06-10 | CVE-2019-12387 | Injection vulnerability in multiple products In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. | 6.1 |