Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-03 | CVE-2018-4153 | Injection vulnerability in Apple mac OS X An injection issue was addressed with improved validation. | 5.9 |
2019-03-06 | CVE-2019-9614 | Injection vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2 An issue was discovered in OFCMS before 1.1.3. | 8.8 |
2019-02-20 | CVE-2019-8948 | Injection vulnerability in Papercut MF PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. | 9.8 |
2019-02-05 | CVE-2018-18992 | Injection vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server. | 8.8 |
2019-02-05 | CVE-2017-1202 | Injection vulnerability in IBM Bigfix Compliance 1.7/1.8/1.9.91 IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. | 5.4 |
2019-02-04 | CVE-2019-7351 | Injection vulnerability in Zoneminder Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value. | 6.5 |
2019-02-01 | CVE-2018-16492 | Injection vulnerability in Extend Project Extend A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. | 9.8 |
2019-02-01 | CVE-2018-16491 | Injection vulnerability in Dreamerslab Node.Extend A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | 9.8 |
2019-02-01 | CVE-2018-16490 | Injection vulnerability in Mpath Project Mpath A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | 7.5 |
2019-02-01 | CVE-2018-16489 | Injection vulnerability in Just-Extend Project Just-Extend A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions. | 9.8 |