Vulnerabilities > Mitre > Caldera > 2.9.0

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-10-17 | CVE-2022-40606 | Cross-site Scripting vulnerability in Mitre Caldera | MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605. | network | low complexity | mitre | CWE-79 | 6.1 |
| 2022-10-17 | CVE-2022-40605 | Cross-site Scripting vulnerability in Mitre Caldera | MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606. | network | low complexity | mitre | CWE-79 | 6.1 |
| 2022-10-17 | CVE-2022-41139 | Cross-site Scripting vulnerability in Mitre Caldera | MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents. | network | low complexity | mitre | CWE-79 | 5.4 |
| 2022-01-12 | CVE-2021-42560 | XXE vulnerability in Mitre Caldera 2.9.0 | An issue was discovered in CALDERA 2.9.0. | network | low complexity | mitre | CWE-611 | 6.5 |