JupiterX Core

Authenticated (Contributor+) Stored CrossSite Scripting via Inline SVG vulnerability <= 4.8.12

Cross Site Scripting (XSS) Vulnerability <= 4.8.11

Unauthenticated PHP Object Injection via PHAR vulnerability <= 4.8.11

Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution) vulnerability <= 4.8.7

Authenticated (Contributor+) Arbitrary File Read vulnerability <= 4.8.7