|
Access Control Bypass
|
>=4.0.0-RC1, <4.12.5
>=5.0.0-RC1, <5.4.6
|
|
Files or Directories Accessible to External Parties
|
>=3.5.13, <4.12.1
>=5.0.0-alpha.1, <5.4.2
|
|
Arbitrary Code Injection
|
>=4.0.0-RC1, <4.12.2
>=5.0.0-RC1, <5.4.3
|
|
Cross-site Scripting (XSS)
| |
|
Improper Authentication
| |
|
SQL Injection
| |
|
Unrestricted Upload of File with Dangerous Type
| |
|
URL Redirection to Untrusted Site ('Open Redirect')
| |
|
Cross-site Scripting (XSS)
| |
|
Improper Neutralization of Special Elements Used in a Template Engine
| |
|
Improper Privilege Management
|
>=3.0.0, <3.9.6
>=4.0.0-RC1, <4.5.11
|
|
Remote Code Execution (RCE)
| |
|
Remote Code Execution (RCE)
|
>=3.0.0, <3.8.15
>=4.0.0-RC1, <4.4.15
|
|
Cross-site Scripting (XSS)
| |
|
Cross-site Scripting (XSS)
| |
|
Cross-site Scripting (XSS)
| |
|
Access Restriction Bypass
| |
|
Improper Input Validation
| |
|
Server-side Request Forgery (SSRF)
| |
|
Cross-site Scripting (XSS)
| |
|
Cross-site Scripting (XSS)
| |
|
Cross-site Scripting (XSS)
|
>=3.0.0, <3.8.6
>=4.0.0-RC1, <4.4.6
|
|
Cross-site Scripting (XSS)
| |
|
Cross-site Scripting (XSS)
| |
|
Remote Code Execution (RCE)
| |
|
Arbitrary Code Execution
| |
|
Cross-site Scripting (XSS)
| |
|
Cross-site Scripting (XSS)
| |
|
Cross-site Scripting (XSS)
| |
|
Cross-site Request Forgery (CSRF)
| |
|
Cross-site Scripting (XSS)
|
<3.7.51
>=4.0.0-alpha.1, <4.2.1
|
|
Cross-site Scripting (XSS)
| |
|
Cross-site Scripting (XSS)
| |
|
Cross-site Scripting (XSS)
| |
|
Cross-site Scripting (XSS)
| |
|
Access Restriction Bypass
| |
|
Cross-site Scripting (XSS)
| |
|
CSV Injection
| |
|
Cross-site Scripting (XSS)
| |
|
Remote Code Execution (RCE)
| |
|
Cross-site Scripting (XSS)
| |
|
Cross-site Scripting (XSS)
| |
|
Brute Force
| |
|
Cross-site Scripting (XSS)
| |
|
Information Exposure
| |
|
Cross-site Scripting (XSS)
| |
