Vulnerabilities > Portainer
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-07 | CVE-2019-16873 | Cross-site Scripting vulnerability in Portainer Portainer before 1.22.1 has XSS (issue 1 of 2). | 5.4 |
2019-03-27 | CVE-2018-19466 | Insufficiently Protected Credentials vulnerability in Portainer A vulnerability was found in Portainer before 1.20.0. | 9.8 |
2018-11-20 | CVE-2018-19367 | Unspecified vulnerability in Portainer Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. | 9.8 |
2018-09-01 | CVE-2018-16316 | Cross-site Scripting vulnerability in Portainer A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. | 5.4 |
2018-06-22 | CVE-2018-12678 | Server-Side Request Forgery (SSRF) vulnerability in Portainer Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. | 9.8 |