Vulnerabilities > Portainer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-18 | CVE-2021-42650 | Cross-site Scripting vulnerability in Portainer Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates. | 4.3 |
| 2021-03-16 | CVE-2020-24263 | Incorrect Permission Assignment for Critical Resource vulnerability in Portainer Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. | 6.5 |
| 2019-11-07 | CVE-2019-16877 | Unspecified vulnerability in Portainer Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). | 6.5 |
| 2019-11-07 | CVE-2019-16876 | Path Traversal vulnerability in Portainer Portainer before 1.22.1 allows Directory Traversal. | 5.0 |
| 2019-11-07 | CVE-2019-16874 | Unspecified vulnerability in Portainer Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). | 4.0 |
| 2019-03-27 | CVE-2018-19466 | Insufficiently Protected Credentials vulnerability in Portainer A vulnerability was found in Portainer before 1.20.0. | 5.0 |
| 2018-11-20 | CVE-2018-19367 | Unspecified vulnerability in Portainer Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. | 5.0 |