Command Injection | >=4.0.0-RC1, <4.13.2; >=5.0.0-RC1, <5.5.2 |
Access Control Bypass | >=4.0.0-RC1, <4.12.5; >=5.0.0-RC1, <5.4.6 |
Files or Directories Accessible to External Parties | >=3.5.13, <4.12.1; >=5.0.0-alpha.1, <5.4.2 |
Arbitrary Code Injection | >=4.0.0-RC1, <4.12.2; >=5.0.0-RC1, <5.4.3 |
Cross-site Scripting (XSS) | |
Improper Authentication | |
SQL Injection | |
Unrestricted Upload of File with Dangerous Type | |
URL Redirection to Untrusted Site ('Open Redirect') | |
Cross-site Scripting (XSS) | |
Improper Neutralization of Special Elements Used in a Template Engine | |
Improper Privilege Management | >=3.0.0, <3.9.6; >=4.0.0-RC1, <4.5.11 |
Remote Code Execution (RCE) | |
Remote Code Execution (RCE) | >=3.0.0, <3.8.15; >=4.0.0-RC1, <4.4.15 |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Access Restriction Bypass | |
Improper Input Validation | |
Server-side Request Forgery (SSRF) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | >=3.0.0, <3.8.6; >=4.0.0-RC1, <4.4.6 |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Remote Code Execution (RCE) | |
Arbitrary Code Execution | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Request Forgery (CSRF) | |
Cross-site Scripting (XSS) | <3.7.51; >=4.0.0-alpha.1, <4.2.1 |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Access Restriction Bypass | |
Cross-site Scripting (XSS) | |
CSV Injection | |
Cross-site Scripting (XSS) | |
Remote Code Execution (RCE) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Brute Force | |
Cross-site Scripting (XSS) | |
Information Exposure | |
Cross-site Scripting (XSS) | |