Vulnerabilities > Montala > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-07-17 CVE-2022-31260 Missing Authentication for Critical Function vulnerability in Montala Resourcespace
In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.
network
low complexity
montala CWE-306
6.5
6.5
2021-11-15 CVE-2021-41951 Cross-site Scripting vulnerability in Montala Resourcespace
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter.
network
low complexity
montala CWE-79
6.1
6.1