Vulnerabilities > Mitre > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-17 CVE-2022-40606 Cross-site Scripting vulnerability in Mitre Caldera
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605.
network
low complexity
mitre CWE-79
6.1
2022-10-17 CVE-2022-40605 Cross-site Scripting vulnerability in Mitre Caldera
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606.
network
low complexity
mitre CWE-79
6.1
2022-10-17 CVE-2022-41139 Cross-site Scripting vulnerability in Mitre Caldera
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.
network
low complexity
mitre CWE-79
5.4
2022-01-12 CVE-2021-42558 Cross-site Scripting vulnerability in Mitre Caldera
An issue was discovered in CALDERA 2.8.1.
network
low complexity
mitre CWE-79
6.1
2020-06-19 CVE-2020-14462 Cross-site Scripting vulnerability in Mitre Caldera 2.7.0
CALDERA 2.7.0 allows XSS via the Operation Name box.
network
low complexity
mitre CWE-79
5.4
2020-03-22 CVE-2020-10807 Authentication Bypass by Spoofing vulnerability in Mitre Caldera
auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.
network
low complexity
mitre CWE-290
5.3