Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-05-14 CVE-2020-5574 Injection vulnerability in Sixapart Movable Type
HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject an arbitrary HTML attribute value via unspecified vectors.
network
low complexity
sixapart CWE-74
5.3
2020-05-12 CVE-2020-6245 Injection vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to the local instance to inject a file or code that can be executed by the application, due to Improper Control of Resource Identifiers.
local
low complexity
sap CWE-74
6.7
2020-05-11 CVE-2020-12790 Injection vulnerability in Nystudio107 Seomatic
In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL.
network
low complexity
nystudio107 CWE-74
7.5
2020-05-07 CVE-2020-11056 Injection vulnerability in Barrelstrengthdesign Sprout Forms
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code.
network
low complexity
barrelstrengthdesign CWE-74
6.3
2020-05-06 CVE-2020-3246 Injection vulnerability in Cisco Umbrella
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service.
network
low complexity
cisco CWE-74
4.3
2020-05-06 CVE-2020-12108 Injection vulnerability in multiple products
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
network
low complexity
gnu debian fedoraproject opensuse canonical CWE-74
6.5
2020-05-04 CVE-2020-5336 Injection vulnerability in RSA Archer
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability.
network
low complexity
rsa CWE-74
6.1
2020-05-04 CVE-2019-13285 Injection vulnerability in Cososys Endpoint Protector 5.1.0.2
CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection.
network
low complexity
cososys CWE-74
7.5
2020-05-04 CVE-2020-1961 Injection vulnerability in Apache Syncope
A Server-Side Template Injection vulnerability was discovered in Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15 and 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE).
network
low complexity
apache CWE-74
critical
9.8
2020-04-30 CVE-2019-12425 Injection vulnerability in Apache Ofbiz 17.12.01
Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host
network
low complexity
apache CWE-74
7.5