Vulnerabilities > Pexip > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-37225 | Cross-site Scripting vulnerability in Pexip Infinity Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. | 6.1 |
| 2023-12-25 | CVE-2023-40236 | Use of Hard-coded Credentials vulnerability in Pexip Virtual Meeting Rooms In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. | 5.3 |
| 2022-07-17 | CVE-2022-25357 | Unspecified vulnerability in Pexip Infinity 27.0/27.1 Pexip Infinity 27.x before 27.2 has Improper Access Control. | 5.3 |
| 2022-07-17 | CVE-2022-27930 | Unspecified vulnerability in Pexip Infinity 27.0/27.1/27.2 Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed. | 5.9 |
| 2020-09-25 | CVE-2017-17477 | Cross-site Scripting vulnerability in Pexip Infinity Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views. | 6.1 |
| 2020-09-25 | CVE-2020-24615 | Improper Input Validation vulnerability in Pexip Infinity Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. | 5.3 |