Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40778 | 1 Opswat | 1 Metadefender | 2022-09-21 | N/A | 5.4 MEDIUM |
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. | |||||
CVE-2022-32272 | 1 Opswat | 1 Metadefender | 2022-06-21 | 7.5 HIGH | 9.8 CRITICAL |
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation. | |||||
CVE-2022-32273 | 1 Opswat | 1 Metadefender | 2022-06-15 | 4.0 MEDIUM | 4.3 MEDIUM |
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. | |||||
CVE-2018-16275 | 1 Opswat | 1 Metadefender | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
OPSWAT MetaDefender before v4.11.2 allows CSV injection. |