Vulnerabilities > Owasp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-12 | CVE-2023-48171 | Unspecified vulnerability in Owasp Defectdojo An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. | 8.8 |
2022-09-20 | CVE-2022-39957 | Improper Encoding or Escaping of Output vulnerability in multiple products The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. | 7.5 |
2022-09-20 | CVE-2022-39958 | Improper Encoding or Escaping of Output vulnerability in multiple products The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. | 7.5 |
2021-01-13 | CVE-2021-23899 | XXE vulnerability in Owasp Json-Sanitizer OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. | 7.5 |
2018-09-03 | CVE-2018-16384 | SQL Injection vulnerability in Owasp Modsecurity Core Rule SET A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. | 7.5 |