268 matches found
CVE-2022-22244
CVE-2022-22244 affects Juniper Networks Junos OS in the J-Web component. An unauthenticated attacker can send a crafted POST to reach the XPath channel, potentially chaining to other vulnerabilities and causing a partial loss of confidentiality. Affected Junos OS versions range broadly from befor...
CVE-2022-22243 Junos OS: XPath Injection vulnerability in J-Web
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of...
CVE-2022-22243
CVE-2022-22243 is an XPath Injection vulnerability in Juniper Networks Junos OS J-Web component. It enables an authenticated attacker to add an XPath command to the XPath stream, potentially chaining to other unspecified vulnerabilities and causing partial loss of confidentiality. Affected softwa...
PT-2022-6648 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 19.1R3-S9; Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S7; Juniper Networks Junos OS 19.4 versions prior to 19.4R2-S7, 19.4R3-S8...
XPath Injection Authentication Bypass
XML Path Language (XPath) queries are used by web applications for selecting nodes from XML documents. Once selected, the value of these nodes can then be used by the application. A simple example for the use of XML documents is to store user information. As part of the authentication process, the...
CVE-2020-25162
An XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges...
Design/Logic Flaw
An XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges...
CVE-2020-25162 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
An XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges...
CVE-2020-25162
CVE-2020-25162 is an XPath injection vulnerability affecting B. Braun SpaceCom, Battery Pack SP with Wi‑Fi, and Data module compactplus. Affected software: SpaceCom/L81 (and U61) and Data module compactplus/A10–A11 (non‑US distribution). Root cause per the advisory: improper handling of XPath exp...
A1:Injection — Top 10 OWASP 2017
Introduction: Injection is an issue that arises quite often and in several forms; SQL databases, for example, might contain issues such as SQL injection, and the same might go for things like LDAP, XML, OS commands, … In other words, there is a range of...
B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
1. EXECUTIVE SUMMARY: CVSS v3 7.6; ATTENTION: Exploitable remotely/low and high skill level to exploit; Vendor: B. Braun Melsungen AG; Equipment: SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus; Vulnerabilities: Cross-site Scripting, Open Redirect, XPath Injection, Session Fixation,...
support.cycliq.com Cross Site Scripting vulnerability OBB-1219683
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
GitHub Security Lab: Go/CWE-643: XPath Injection Query in Go
This bug was reported directly to GitHub Security Lab...
deborahjreed.ca Cross Site Scripting vulnerability
Security Researcher KhanJanny, a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting deborahjreed.ca website and its users. Following...
GitHub Security Lab: XPath Injection query in java
This bug was reported directly to GitHub Security Lab...
The vulnerability in the SAP Financial Consolidation web application, related to errors in processing XML requests, allows an attacker to execute an "XPath injection" attack.
The vulnerability of the SAP Financial Consolidation web application is related to errors in processing XML requests. Exploiting this vulnerability allows a malicious actor to carry out an "XPath injection" attack remotely...
Unspecified Vulnerability in SAP Financial Consolidation
SAP Financial Consolidation is a financial statement solution from SAP. The product is designed to automate intercompany reconciliations and offsets, currency conversions, and provide financial statement generation. An unspecified vulnerability exists in SAP Financial Consolidation. The...