Vulnerabilities > Zitadel > Zitadel > 1.50.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-26 | CVE-2023-46238 | Cross-site Scripting vulnerability in Zitadel ZITADEL is an identity infrastructure management system. | 5.4 |
| 2023-10-10 | CVE-2023-44399 | Unspecified vulnerability in Zitadel ZITADEL provides identity infrastructure. | 5.3 |
| 2022-08-31 | CVE-2022-36051 | Incorrect Authorization vulnerability in Zitadel ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain points during the login. | 8.8 |