Vulnerabilities > Labkey > Labkey Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-29 | CVE-2019-9758 | Cross-site Scripting vulnerability in Labkey Server 19.1.0 An issue was discovered in LabKey Server 19.1.0. | 5.4 |
| 2019-01-30 | CVE-2019-3913 | OS Command Injection vulnerability in Labkey Server Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service. | 4.9 |
| 2019-01-30 | CVE-2019-3912 | Open Redirect vulnerability in Labkey Server An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites. | 6.1 |
| 2019-01-30 | CVE-2019-3911 | Cross-site Scripting vulnerability in Labkey Server Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints. | 6.1 |