268 matches found
CVE-2023-26261
In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...
CVE-2019-8158
An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...
CVE-2019-0370
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection...
CVE-2015-20108
xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...
CVE-2022-43840
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document...
Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities.
Summary: This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details: CVEID: CVE-2024-40725. DESCRIPTION: Apache HTTP Server allows a remote attacker to obtain sensitive information, caused by an incomplete fix for CVE-2024-398...
CVE-2022-43840
CVE-2022-43840 affects IBM Aspera Console 3.4.0–3.4.4. The vulnerability is an XPath injection in the Web UI that could allow an authenticated attacker to exfiltrate sensitive application data and/or deduce the XML document structure. IBM’s bulletin confirms remediation by upgrading to IBM Aspera...
CVE-2022-43840 IBM Aspera Console XPath injection
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document...
PT-2025-16266 · IBM · IBM Aspera Console
Name of the Vulnerable Software and Affected Versions: IBM Aspera Console versions 3.4.0 through 3.4.4. Description: The issue is an XPath injection vulnerability that could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document...
IBM Aspera Console Security Vulnerability
IBM Aspera Console is a Web-based application from International Business Machines (IBM), Inc. that allows users to centrally manage, monitor and control Aspera servers nodes and transports. A security vulnerability exists in IBM Aspera Console 3.4.4 and prior versions, which stems from an XPath injecti...
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Overview: composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Improper Neutralization of Data within XPath Expressions ('XPath Injection') via the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS action...
CVE-2024-39565
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or...
CVE-2024-39565 Junos OS: J-Web: An unauthenticated, network-based attacker can perform XPATH injection attack against a device.
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or...
CVE-2024-39565
CVE-2024-39565: J-Web XPath Injection in Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. Affected Junos OS versions include all before 21.2R3-S8; 21.4 before 21.4R3-S7; 22.2 before 22.2R3-S4; 22.3 before 22.3R3-S3; 22.4 before 22.4R3-S2...
Juniper Junos OS Vulnerability (JSA83023)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA83023 advisory. - An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated,...