Vulnerabilities > Prosody > Prosody > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-13 | CVE-2021-32917 | Missing Authorization vulnerability in multiple products An issue was discovered in Prosody before 0.11.9. | 5.3 |
| 2021-05-13 | CVE-2021-32921 | Race Condition vulnerability in multiple products An issue was discovered in Prosody before 0.11.9. | 5.9 |
| 2016-01-29 | CVE-2016-0756 | Improper Input Validation vulnerability in Prosody The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix. | 5.3 |
| 2016-01-12 | CVE-2016-1231 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. | 5.9 |