Vulnerabilities > Mitre > Caldera > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-10-17 | CVE-2022-40606 | Cross-site Scripting vulnerability in Mitre Caldera | MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605. | network | low complexity | mitre | CWE-79 | 6.1 |
| 2022-10-17 | CVE-2022-40605 | Cross-site Scripting vulnerability in Mitre Caldera | MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606. | network | low complexity | mitre | CWE-79 | 6.1 |
| 2022-10-17 | CVE-2022-41139 | Cross-site Scripting vulnerability in Mitre Caldera | MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents. | network | low complexity | mitre | CWE-79 | 5.4 |
| 2022-01-12 | CVE-2021-42558 | Cross-site Scripting vulnerability in Mitre Caldera | An issue was discovered in CALDERA 2.8.1. | network | | mitre | CWE-79 | 4.3 |
| 2022-01-12 | CVE-2021-42559 | Command Injection vulnerability in Mitre Caldera | An issue was discovered in CALDERA 2.8.1. | network | low complexity | mitre | CWE-77 | 6.5 |
| 2022-01-12 | CVE-2021-42560 | XXE vulnerability in Mitre Caldera 2.9.0 | An issue was discovered in CALDERA 2.9.0. | network | low complexity | mitre | CWE-611 | 6.5 |
| 2022-01-12 | CVE-2021-42562 | Improper Privilege Management vulnerability in Mitre Caldera | An issue was discovered in CALDERA 2.8.1. | network | low complexity | mitre | CWE-269 | 5.5 |
| 2020-03-22 | CVE-2020-10807 | Missing Authentication for Critical Function vulnerability in Mitre Caldera | auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header. | network | low complexity | mitre | CWE-306 | 5.0 |