Vulnerabilities > Thingsboard > Thingsboard > 2.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-06 | CVE-2023-45303 | Injection vulnerability in Thingsboard ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). | 8.8 |
| 2020-12-18 | CVE-2020-27687 | Injection vulnerability in Thingsboard ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. | 6.8 |