Vulnerabilities > Elabftw
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-14 | CVE-2024-47826 | Code Injection vulnerability in Elabftw eLabFTW is an open source electronic lab notebook for research labs. | 6.1 |
| 2024-09-02 | CVE-2024-28100 | Cross-site Scripting vulnerability in Elabftw eLabFTW is an open source electronic lab notebook for research labs. | 5.4 |
| 2022-08-01 | CVE-2022-31178 | Incorrect Authorization vulnerability in Elabftw eLabFTW is an electronic lab notebook manager for research teams. | 4.3 |
| 2022-05-31 | CVE-2022-31007 | Unspecified vulnerability in Elabftw eLabFTW is an electronic lab notebook manager for research teams. | 7.2 |
| 2021-12-16 | CVE-2021-43833 | Improper Authentication vulnerability in Elabftw eLabFTW is an electronic lab notebook manager for research teams. | 8.8 |
| 2021-12-16 | CVE-2021-43834 | Improper Authentication vulnerability in Elabftw eLabFTW is an electronic lab notebook manager for research teams. | 9.8 |
| 2021-10-22 | CVE-2021-41171 | Improper Restriction of Excessive Authentication Attempts vulnerability in Elabftw eLabFTW is an open source electronic lab notebook manager for research teams. | 8.8 |
| 2021-06-21 | CVE-2021-32698 | Server-Side Request Forgery (SSRF) vulnerability in Elabftw eLabFTW is an open source electronic lab notebook for research labs. | 4.9 |
| 2019-05-20 | CVE-2019-12185 | Unrestricted Upload of File with Dangerous Type vulnerability in Elabftw 1.8.5 eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. | 8.8 |
| 2018-01-03 | CVE-2017-1000478 | Cross-site Scripting vulnerability in Elabftw 1.7.8 ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service. | 5.4 |