8 matches found
Apache Isis Cross-Site Scripting Vulnerability
Apache Isis is the United States Apache Apache Foundation of a framework for rapid development of domain-driven applications in Java. A cross-site scripting vulnerability exists in versions of Apache Isis prior to 2.0.0-M9, which stems from a failure to properly escape an input string when...
Apache Isis Authorization Issues Vulnerability
Apache Isis is the United States Apache Apache Foundation , a framework for rapid development of domain-driven applications in Java . Apache Isis suffers from an authorization issue vulnerability that stems from the h2 webconsole module accessible in the prototype menu automatically providing the...
GHSA-998R-J9RX-QM8M Apache Isis webconsole module may directly query the database in prototype mode
When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...
Apache Isis Cross-site Scripting vulnerability
Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...
Apache Isis webconsole module may directly query the database in prototype mode
When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...
GHSA-7PFC-CC9X-8P4M Apache Isis Cross-site Scripting vulnerability
Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...
Apache Isis 跨站脚本漏洞
Apache Isis is the United States Apache Apache Foundation of a framework for rapid development of domain-driven applications in Java. A cross-site scripting vulnerability exists in versions of Apache Isis prior to 2.0.0-M9, which stems from a failure to properly escape an input string when...
Apache Isis 安全漏洞
Apache Isis is the United States Apache Apache Foundation , a framework for rapid development of domain-driven applications in Java . Apache Isis suffers from an authorization issue vulnerability that stems from the h2 webconsole module accessible in the prototype menu automatically providing the...