Vulnerabilities > Portainer > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-10-18 CVE-2021-42650 Cross-site Scripting vulnerability in Portainer
Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
network
portainer CWE-79
4.3
2021-03-16 CVE-2020-24263 Incorrect Permission Assignment for Critical Resource vulnerability in Portainer
Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution.
network
low complexity
portainer CWE-732
6.5
2019-11-07 CVE-2019-16877 Unspecified vulnerability in Portainer
Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4).
network
low complexity
portainer
6.5
2019-11-07 CVE-2019-16876 Path Traversal vulnerability in Portainer
Portainer before 1.22.1 allows Directory Traversal.
network
low complexity
portainer CWE-22
5.0
2019-11-07 CVE-2019-16874 Unspecified vulnerability in Portainer
Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4).
network
low complexity
portainer
4.0
2019-03-27 CVE-2018-19466 Insufficiently Protected Credentials vulnerability in Portainer
A vulnerability was found in Portainer before 1.20.0.
network
low complexity
portainer CWE-522
5.0
2018-11-20 CVE-2018-19367 Unspecified vulnerability in Portainer
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created.
network
low complexity
portainer
5.0