Vulnerabilities > Portainer

DATE CVE VULNERABILITY TITLE RISK
2019-11-07 CVE-2019-16873 Cross-site Scripting vulnerability in Portainer
Portainer before 1.22.1 has XSS (issue 1 of 2).
network
low complexity
portainer CWE-79
5.4
2019-03-27 CVE-2018-19466 Insufficiently Protected Credentials vulnerability in Portainer
A vulnerability was found in Portainer before 1.20.0.
network
low complexity
portainer CWE-522
critical
9.8
2018-11-20 CVE-2018-19367 Unspecified vulnerability in Portainer
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created.
network
low complexity
portainer
critical
9.8
2018-09-01 CVE-2018-16316 Cross-site Scripting vulnerability in Portainer
A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field.
network
low complexity
portainer CWE-79
5.4
2018-06-22 CVE-2018-12678 Server-Side Request Forgery (SSRF) vulnerability in Portainer
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.
network
low complexity
portainer CWE-918
critical
9.8