Vulnerabilities > Thingsboard > Thingsboard > 2.1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-01 | CVE-2024-9358 | Unspecified vulnerability in Thingsboard A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. | 5.9 |
| 2024-04-03 | CVE-2024-3270 | Unspecified vulnerability in Thingsboard A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. | 6.5 |
| 2023-10-06 | CVE-2023-45303 | Injection vulnerability in Thingsboard ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). | 8.8 |
| 2022-09-13 | CVE-2022-31861 | Cross-site Scripting vulnerability in Thingsboard Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs. | 5.4 |
| 2020-12-18 | CVE-2020-27687 | Injection vulnerability in Thingsboard ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. | 8.8 |