CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
net.chronakis.tiles-dynamic:tiles-dynamic-example (=1.3), net.chronakis.tiles-dynamic:tiles-dynamic-lib (=1.3) +14 more potentially affected by CVE-2023-49735 via org.apache.struts:struts-tiles (=1.3.10)
org.apache.struts:struts-tiles MAVEN version =1.3.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.struts:struts-tiles and may be impacted: - net.chronakis.tiles-dynamic:tiles-dynamic-example =1.3 -...
UBUNTU-CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
PT-2023-16974 · WordPress · Wp Tiles
Name of the Vulnerable Software and Affected Versions: WP Tiles WordPress plugin versions 1.1.2 and earlier. Description: The issue allows any authenticated user, such as a subscriber, to retrieve the titles of draft and private posts. An attacker could also retrieve the title of any other type of...