Vulnerabilities > Immuta
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-05 | CVE-2020-15952 | Cross-site Scripting vulnerability in Immuta 2.8.2 Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. | 6.0 |
| 2020-11-05 | CVE-2020-15951 | Injection vulnerability in Immuta 2.8.2 Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. | 4.3 |
| 2020-11-05 | CVE-2020-15950 | Insufficient Session Expiration vulnerability in Immuta 2.8.2 Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. | 6.8 |
| 2020-11-05 | CVE-2020-15949 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Immuta 2.8.2 Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. | 5.0 |