Hippo CMS: source code security analysis report

2016-07-05T00:00:00
ID APPERCUT:20
Type appercut
Reporter InfoWatch APPERCUT
Modified 2016-08-17T00:00:00

Description

Several vulnerabilities were discovered in Hippo 'Hippo CMS' software:

- Using XSL Transformation to Execute Any Code
- Violating the Java Object Model
- Missing XML document schema validation
- Using Broken or Risky Cryptographic Algorithm
- Incorrect Permissions for External Entities During XML Document Processing
- Incorrect User Input Filtration when Generating Code on the Fly
- Using Obsolete jQuery Methods