EUVD-2019-0618

Malware in sbrugna...

PT-2024-40818 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception crash has been reported. The crash occurs in the java.base/java.util.ArrayList. method, which is called by...

Cross site scripting

TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...

CVE-2023-45818

Removed by vendor...

CVE-2023-45818 Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin

TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin

Impact A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...

XML External Entity Reference in Hazelcast

The AbstractXmlConfigRootTagRecognizer function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks...

in liquibase/liquibase

Description The XMLChangeLogSAXParser function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

in jesusfreke/smali

Description The loadResourceIds function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

in hazelcast/hazelcast

Description The AbstractXmlConfigRootTagRecognizer function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

in mybatis/generator

Description The isConfigFile function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

in jetbrains/kotlin

Description The ModuleXmlParser.parse function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

XML External Entity Reference in edu.stanford.nlp:stanford-corenlp

The TransformXML function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks...

in stanfordnlp/corenlp

Description The TransformXML function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

XML External Entity (XXE) Attacks

Android Tools are vulnerable to XML external entity attacks. These attacks are possible because it doesn't restrict the entities which allows an attacker to pass into the SAXParser...