Opswat: >> Metadefender >> 4.12.2 Security Vulnerabilities
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-09-19
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.
CVSS Score
9.8
EPSS Score
0.196
Published
2022-06-09
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-06-08