Vulnerabilities > Owasp

DATE CVE VULNERABILITY TITLE RISK
2022-04-27 CVE-2022-24891 Cross-site Scripting vulnerability in Owasp Enterprise Security API
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library.
network
owasp CWE-79
4.3
2022-04-25 CVE-2022-23457 Path Traversal vulnerability in Owasp Enterprise Security API
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library.
network
low complexity
owasp CWE-22
7.5
2022-03-24 CVE-2022-27820 Improper Certificate Validation vulnerability in Owasp ZED Attack Proxy
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.
network
owasp CWE-295
4.3
2021-11-05 CVE-2021-35368 Incorrect Authorization vulnerability in Owasp Modsecurity Core Rule SET
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
network
low complexity
owasp CWE-863
7.5
2021-10-18 CVE-2021-42575 The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
network
low complexity
owasp oracle
7.5
2021-08-19 CVE-2021-28490 Cross-Site Request Forgery (CSRF) vulnerability in Owasp Csrfguard 4.0
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.
network
owasp CWE-352
6.8
2021-06-22 CVE-2010-3300 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking vulnerability in Owasp Enterprise Security API for Java 2.0
It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
network
owasp CWE-649
4.3
2021-01-13 CVE-2021-23900 Unspecified vulnerability in Owasp Json-Sanitizer
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input.
network
low complexity
owasp
5.0
2021-01-13 CVE-2021-23899 XXE vulnerability in Owasp Json-Sanitizer
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input.
network
low complexity
owasp CWE-611
7.5
2020-06-09 CVE-2020-13973 Cross-site Scripting vulnerability in Owasp Json-Sanitizer 1.0/1.1/1.2.0
OWASP json-sanitizer before 1.2.1 allows XSS.
network
owasp CWE-79
4.3