57 matches found
Cross-site Scripting (XSS)
Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the run process in the admin panel's import/export data flow profiles. An attacker can execute arbitrary scrip...
CVE-2026-38429
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
CVE-2026-41936
Vvveb before version 1.0.8.2 contains an XML external entity XXE injection vulnerability in the admin Tools/Import feature that allows authenticated siteadmin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...
CVE-2026-41936 Vvveb < 1.0.8.2 XML External Entity Injection via Import
Vvveb before version 1.0.8.2 contains an XML external entity XXE injection vulnerability in the admin Tools/Import feature that allows authenticated siteadmin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...
EUVD-2026-27892
Vvveb before version 1.0.8.2 contains an XML external entity XXE injection vulnerability in the admin Tools/Import feature that allows authenticated siteadmin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...
CVE-2026-41936
Vvveb before 1.0.8.2 contains an XML External Entity (XXE) injection via the admin Tools/Import feature. Authenticated site_admins can exploit the XML parser in system/import/xml.php to inject file:// or php://filter references, enabling arbitrary file disclosure and administrator password hash o...
PT-2026-38222
Vvveb before version 1.0.8.2 contains an XML external entity XXE injection vulnerability in the admin Tools/Import feature that allows authenticated site admin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...
XML External Entity (XXE) Injection
Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity XXE Injection insecure XML parsing of user-supplied .zip files containing manifest.xml in the Admin Import DB. An attacker...
EUVD-2026-27401
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
CVE-2026-38429
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
CVE-2026-38429
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
CVE-2026-38429
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
PT-2026-37087
Name of the Vulnerable Software and Affected Versions OpenCMS versions prior to 21 Description The Admin Import DB feature is susceptible to XML External Entity XXE, a flaw where an application processes XML input containing a reference to an external entity, potentially allowing unauthorized...
CVE-2026-38429
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
CVE-2026-30345
A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...
EUVD-2026-12868
A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...
CVE-2026-30345
A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...
CVE-2026-30345
CTFd CVE-2026-30345 is a zip-slip vulnerability in the Admin import path of v3.8.1-18-gdb5a18c4. A crafted import can cause arbitrary files to be written outside the intended directory. The vulnerability is reported across multiple feeds (NVD/Red Hat/others) with a CVSS v3.1 base score of 7.5 (Hi...
CVE-2026-30345
A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...
CVE-2026-30345
A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...