3 matches found
GHSA-73F3-RQQF-2J54 Apache Syncope: Console XXE on Keymaster parameters
Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs. Th...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
fullpage.js 跨站脚本漏洞
fullpage.js is an easy-to-use library for creating full-screen scrolling websites also known as single-page websites or mono-page websites and adding horizontal sliders to various parts of the website. A cross-site scripting vulnerability exists in fullpage.js prior to 4.0.4. No information about...