Vulnerabilities > Inedo > Proget > 3.5.7

DATE CVE VULNERABILITY TITLE RISK
2018-09-26 CVE-2017-15608 Cross-Site Request Forgery (CSRF) vulnerability in Inedo Proget
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
network
inedo CWE-352
4.3
4.3
2017-09-30 CVE-2017-14944 Improper Input Validation vulnerability in Inedo Proget
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.
network
low complexity
inedo CWE-20
5.0
5.0