Vulnerabilities > Zitadel > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-20 | CVE-2024-47000 | Unspecified vulnerability in Zitadel. Zitadel is an open source identity management platform. | 7.5 |
2024-04-26 | CVE-2024-32868 | Improper Restriction of Excessive Authentication Attempts vulnerability in Zitadel. ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. | 8.1 |
2024-03-27 | CVE-2024-29891 | Cross-site Scripting vulnerability in Zitadel. ZITADEL users can upload their own avatar image and various image types are allowed. | 8.7 |
2024-03-11 | CVE-2024-28197 | Session Fixation vulnerability in Zitadel. Zitadel is an open source identity management system. | 7.5 |
2023-11-30 | CVE-2023-49097 | Unspecified vulnerability in Zitadel. ZITADEL is an identity infrastructure system. | 8.8 |
2022-08-31 | CVE-2022-36051 | Incorrect Authorization vulnerability in Zitadel. ZITADEL combines the ease of Auth0 and the versatility of Keycloak. **Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature where users with the role `ORG_OWNER` are able to create JavaScript code, which is invoked by the system at certain points during the login. | 8.8 |