Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-12-07 CVE-2023-48205 Injection vulnerability in Jorani Leave Management System 1.0.2
Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails.
network
low complexity
jorani CWE-74
5.3
2023-12-07 CVE-2023-48826 Injection vulnerability in PHPjabbers Time Slots Booking Calendar 4.0
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.
network
low complexity
phpjabbers CWE-74
8.8
2023-12-07 CVE-2023-48830 Injection vulnerability in PHPjabbers Shuttle Booking Software 2.0
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export.
network
low complexity
phpjabbers CWE-74
8.8
2023-12-07 CVE-2023-48835 Injection vulnerability in PHPjabbers CAR Rental Script 3.0
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
network
low complexity
phpjabbers CWE-74
8.8
2023-12-07 CVE-2023-48841 Injection vulnerability in PHPjabbers Appointment Scheduler 3.0
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
network
low complexity
phpjabbers CWE-74
8.8
2023-12-06 CVE-2023-6458 Injection vulnerability in Mattermost Server
Mattermost webapp fails to validate route parameters in /<TEAM_NAME>/channels/<CHANNEL_NAME>, allowing an attacker to perform a client-side path traversal.
network
low complexity
mattermost CWE-74
critical
9.8
2023-12-06 CVE-2023-22522 Injection vulnerability in Atlassian Confluence Server
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page.
network
low complexity
atlassian CWE-74
8.8
2023-11-27 CVE-2023-35075 Injection vulnerability in Mattermost
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML.
network
low complexity
mattermost CWE-74
5.4
2023-11-23 CVE-2023-49214 Injection vulnerability in Usedesk
Usedesk before 1.7.57 allows chat template injection.
network
low complexity
usedesk CWE-74
critical
9.8
2023-11-20 CVE-2023-5340 Injection vulnerability in Fivestarplugins Five Star Restaurant Menu
The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog.
network
low complexity
fivestarplugins CWE-74
critical
9.8