
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2022-10-17 | CVE-2022-40606 | Cross-site Scripting vulnerability in Mitre Caldera | MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605. | mitre | CWE-79 | network, low complexity, 6.1 |
| 2022-10-17 | CVE-2022-40605 | Cross-site Scripting vulnerability in Mitre Caldera | MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606. | mitre | CWE-79 | network, low complexity, 6.1 |
| 2022-10-17 | CVE-2022-41139 | Cross-site Scripting vulnerability in Mitre Caldera | MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents. | mitre | CWE-79 | network, low complexity, 5.4 |
| 2022-01-12 | CVE-2021-42558 | Cross-site Scripting vulnerability in Mitre Caldera | An issue was discovered in CALDERA 2.8.1. | mitre | CWE-79 | network, low complexity, 6.1 |
| 2022-01-12 | CVE-2021-42559 | Command Injection vulnerability in Mitre Caldera | An issue was discovered in CALDERA 2.8.1. | mitre | CWE-77 | network, low complexity, 8.8 |
| 2022-01-12 | CVE-2021-42560 | XXE vulnerability in Mitre Caldera 2.9.0 | An issue was discovered in CALDERA 2.9.0. | mitre | CWE-611 | network, low complexity, 8.8 |
| 2022-01-12 | CVE-2021-42561 | Injection vulnerability in Mitre Caldera | An issue was discovered in CALDERA 2.8.1. | mitre | CWE-74 | network, low complexity, 8.8 |
| 2022-01-12 | CVE-2021-42562 | Improper Privilege Management vulnerability in Mitre Caldera | An issue was discovered in CALDERA 2.8.1. | mitre | CWE-269 | network, low complexity, 8.1 |
| 2021-07-12 | CVE-2020-19907 | OS Command Injection vulnerability in Mitre Caldera | A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. | mitre | CWE-78 | network, low complexity, 8.8 |
| 2020-06-19 | CVE-2020-14462 | Cross-site Scripting vulnerability in Mitre Caldera 2.7.0 | CALDERA 2.7.0 allows XSS via the Operation Name box. | mitre | CWE-79 | network, low complexity, 5.4 |