Lucene search

13 matches found

CVE
added 6 days ago · 17 views

CVE-2026-46393

The CVE-2026-46393 entry documents an authenticated SSRF in HAXcms createSite. In affected versions prior to 26.0.0, a malicious build.files input lets an authenticated user cause server-side requests (via file_get_contents on attacker-controlled tmp_name), enabling fetches of arbitrary internal/...

7.1 CVSS · 5.6 AI score · 0.00038 EPSS
Exploits 0 · References 1
NVD
added 2026/02/04 9:16 p.m. · 2 views

CVE-2026-25511

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The...

8.2 CVSS · 0.00021 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/05/23 3:58 a.m. · 6 views

CVE-2023-46502

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory...

9.8 CVSS · 7 AI score · 0.00423 EPSS
Exploits 0
RedHat Linux
added 2022/10/05 10:44 a.m. · 0 views

Business-central: Possible XML External Entity Injection attack

An XML external entity injection (XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. T...

8.2 CVSS · 5.7 AI score · 0.00486 EPSS
Exploits 0 · References 4
OSV
added 2022/08/10 8:15 p.m. · 2 views

CVE-2022-2458

XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML...

8.2 CVSS · 5.8 AI score · 0.00486 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2022/08/10 8:15 p.m. · 0 views

CVE-2022-2458

XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML...

8.2 CVSS · 5.9 AI score · 0.00486 EPSS
Exploits 0 · References 2
NVD
added 2022/08/10 8:15 p.m. · 11 views

CVE-2022-2458

XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML...

8.2 CVSS · 0.00486 EPSS
Exploits 0 · References 1
Prion
added 2022/08/10 8:15 p.m. · 12 views

Xxe

XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML...

6.4 CVSS · 8.7 AI score · 0.00486 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2022/08/09 8:15 p.m. · 2255 views

CVE-2022-2458

CVE-2022-2458 is an XML External Entity (XXE) vulnerability affecting IBM Business Automation Manager/Open Editions (Business Central) and Kie-Server APIs. The weakness arises from processing XML input with external entities due to a weakly configured XML parser, enabling an attacker to cause Ext...

8.2 CVSS · 8.1 AI score · 0.00486 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/08/09 8:15 p.m. · 11 views

CVE-2022-2458

XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML...

8.4 AI score · 0.00486 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/08/09 12:0 a.m. · 2 views

PT-2022-16733 · Red Hat +1 · Kie-Server Apis +1

Name of the Vulnerable Software and Affected Versions: Business Central (affected versions not specified); Kie-Server APIs (affected versions not specified). Description: The issue allows an attacker to interfere with an application's processing of XML data through XML external entity injection (XXE). Th...

8.2 CVSS · 8.3 AI score · 0.00486 EPSS
Exploits 0 · References 3
RedhatCVE
added 2022/07/18 8:43 a.m. · 41 views

CVE-2022-2458

An XML external entity injection (XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. T...

8.2 CVSS · 2.8 AI score · 0.00486 EPSS
Exploits 0 · References 3
Hacker One
added 2020/07/03 2:28 p.m. · 16 views

Engel & Völkers Technology GmbH: XXE on www.publish.engelvoelkers.com

Summary: An XML External Entities vulnerability has been found on www.publish.engelvoelkers.com:8443. Initially a GET request was made to /dp/services and that returned a 500 Error with some XML data. Changing the HTTP request method to POST with some XML data produced a different response, so it...

6.6 AI score
Exploits 0