Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-19 | CVE-2019-11354 | Injection vulnerability in EA Origin 10.5.36 The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. | 6.8 |
| 2019-04-08 | CVE-2018-1943 | Injection vulnerability in IBM Cloud Private 3.1.0/3.1.1 IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. | 3.5 |
| 2019-04-03 | CVE-2015-5462 | Injection vulnerability in Axiomsl Axiom 9.5.3 AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features. | 4.3 |
| 2019-04-03 | CVE-2018-4153 | Injection vulnerability in Apple mac OS X An injection issue was addressed with improved validation. | 4.3 |
| 2019-02-20 | CVE-2019-8948 | Injection vulnerability in Papercut MF and Papercut NG PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. | 7.5 |
| 2019-02-05 | CVE-2018-18992 | Injection vulnerability in Lcds Laquis Scada 4.1.0.3870 LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server. | 6.8 |
| 2019-02-05 | CVE-2017-1202 | Injection vulnerability in IBM Bigfix Compliance 1.7/1.8/1.9.91 IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. | 3.5 |
| 2019-02-04 | CVE-2019-7351 | Injection vulnerability in Zoneminder Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value. | 4.3 |
| 2019-02-01 | CVE-2018-16492 | Injection vulnerability in Extend Project Extend A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. | 7.5 |
| 2019-02-01 | CVE-2018-16491 | Injection vulnerability in Dreamerslab Node.Extend A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | 7.5 |