268 matches found
CVE-2023-35858
XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information...
CVE-2023-35858
XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information...
CVE-2023-35858
XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information...
CVE-2023-35858
XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information...
Modern Campus Omni CMS Security Vulnerability
Modern Campus Omni CMS is a web content management system from Modern Campus, Inc. It is used by colleges and universities to manage their websites. A security vulnerability exists in Modern Campus Omni CMS version 2023.1, which stems from an XPath injection vulnerability in the blog and RSS...
PT-2024-12515 · Modern Campus · Omni Cms
Name of the Vulnerable Software and Affected Versions: Modern Campus - Omni CMS version 2023.1 Description: The issue allows a remote, unauthenticated attacker to obtain application information through XPath Injection vulnerabilities in the blog and RSS functions. Recommendations: For Modern Camp...
CVE-2023-35858
Summary: CVE-2023-35858 affects Modern Campus – Omni CMS 2023.1. The vulnerability is an XPath Injection in the blog and RSS functions that allows a remote, unauthenticated attacker to obtain application information. What’s affected: Modern Campus Omni CMS version 2023.1; vulnerable code paths ar...
CVE-2023-35858
XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information...
XPath Injection
robrichards/xmlseclibs is vulnerable to XPath Injection. The vulnerability is due to inadequate filtering of user input before it is incorporated into an XPath expression, which allows attackers to manipulate the XPath by injecting malicious input, potentially leading to unauthorized data access...
GHSA-2G98-F9JV-W8C5 robrichards/xmlseclibs XPath injection
A vulnerability has been identified in the robrichards/xmlseclibs library, specifically related to XPath injection. The issue arises from inadequate filtering of user input before it is incorporated into XPath expressions...
robrichards/xmlseclibs XPath injection
A vulnerability has been identified in the robrichards/xmlseclibs library, specifically related to XPath injection. The issue arises from inadequate filtering of user input before it is incorporated into XPath expressions...
CVE-2024-2648 Netentsec NS-ASG Application Security Gateway naccheck.php xpath injection
A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is...
CVE-2024-2645 Netentsec NS-ASG Application Security Gateway resetpwd.php xpath injection
A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is...
CVE-2024-2645 Netentsec NS-ASG Application Security Gateway resetpwd.php xpath injection
A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is...
Amazon Linux 2 : apache-ivy (ALAS-2023-2302)
The version of apache-ivy installed on the remote host is prior to 2.3.0-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2302 advisory. Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software...
SUSE CVE-2022-46751
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
CVE-2022-46751
CVE-2022-46751: Apache Ivy is vulnerable to XML External Entity (XXE) or XML injection due to improper restriction of DTD processing. Affected versions: Ivy prior to 2.5.2. Root cause: parsing XML files (Ivy config, Ivy files, POMs) can download external DTDs and expand entities, enabling data ex...
CVE-2022-46751 Apache Ivy: XML External Entity vulnerability in Apache Ivy
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
WordPress Core 5.6.2 XPath Injection
Exploit Title: WordPress Core 5.6.2 - Xpath Injection Date: 13/08/2023 Exploit Author: Behrouz Mansoori Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/download/releases Version: 5.6.2 Tested on: Mac VULNERABILITY DETAILS : This vulnerability allows remote attackers to...
CVE-2023-38207
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...