Vulnerabilities > Opswat > Metadefender
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-19 | CVE-2022-40778 | Cross-site Scripting vulnerability in Opswat Metadefender A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. | 5.4 |
| 2022-06-09 | CVE-2022-32272 | Improper Privilege Management vulnerability in Opswat Metadefender OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation. | 9.8 |
| 2022-06-08 | CVE-2022-32273 | Information Exposure Through Discrepancy vulnerability in Opswat Metadefender As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. | 4.3 |
| 2018-08-31 | CVE-2018-16275 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Opswat Metadefender OPSWAT MetaDefender before v4.11.2 allows CSV injection. | 7.8 |