3 matches found
XSS (Cross Site Scripting) dompurify Dependency in Bitbucket Data Center
This High severity XSS Cross Site Scripting vulnerability was introduced in versions 8.19.0, 9.0.1, and 10.0.0 of Bitbucket Data Center. This XSS Cross Site Scripting vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allows an unauthenticate...
XXE (XML External Entity Injection) org.apache.tika:tika-core Dependency in Confluence Data Center and Server
This High severity XXE XML External Entity Injection vulnerability was introduced in versions 7.7.0 of Confluence Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 8.4 and a CVSS Vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H allows an...
Infinite loop
Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Infinite loop via the Comment module. An attacker can trigger excessive resource consumption by making repeated comment reply...