Vulnerabilities > Fusionauth

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-11-28 | CVE-2022-45921 | Path Traversal vulnerability in Fusionauth | FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. | network; low complexity; fusionauth; CWE-22; 7.5 |
| 2021-04-22 | CVE-2021-27736 | XXE vulnerability in Fusionauth Saml V2 | FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely. | network; low complexity; fusionauth; CWE-611; 6.5 |
| 2020-10-02 | CVE-2020-12676 | Improper Verification of Cryptographic Signature vulnerability in Fusionauth Samlv2 0.2.3 | FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack". | network; low complexity; fusionauth; CWE-347; critical; 9.1 |
| 2020-01-28 | CVE-2020-7799 | Expression Language Injection vulnerability in Fusionauth | An issue was discovered in FusionAuth before 1.11.0. | network; low complexity; fusionauth; CWE-917; 7.2 |