Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-10 | CVE-2018-18207 | Injection vulnerability in Virtualmin 6.03 Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter. | 4.3 |
| 2018-09-09 | CVE-2018-16763 | Injection vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. | 7.5 |
| 2018-09-07 | CVE-2017-1115 | Injection vulnerability in IBM Campaign 10.0/9.1/9.1.2 IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. | 3.5 |
| 2018-07-19 | CVE-2018-9062 | Injection vulnerability in Lenovo products In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. | 7.2 |
| 2018-07-10 | CVE-2018-1549 | Injection vulnerability in IBM Rational Quality Manager IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. | 4.9 |
| 2018-07-09 | CVE-2018-4995 | Injection vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. | 7.5 |
| 2018-06-21 | CVE-2018-0313 | Injection vulnerability in Cisco Nx-Os A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. | 9.0 |
| 2018-06-11 | CVE-2017-7848 | Injection vulnerability in multiple products RSS fields can inject new lines into the created email structure, modifying the message body. | 5.0 |
| 2018-06-11 | CVE-2017-7846 | Injection vulnerability in multiple products It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. | 6.8 |
| 2018-06-11 | CVE-2017-7788 | Injection vulnerability in Mozilla Firefox When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". | 7.5 |