Lucene search
K

47 matches found

Prion
Prion
added 2022/03/28 10:15 p.m.20 views

Server side request forgery (ssrf)

C1 CMS is an open-source, .NET based Content Management System CMS. Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery SSRF by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also...

6.5CVSS7.3AI score0.00734EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/03/28 12:0 a.m.5 views

Orckestra C1 CMS 代码问题漏洞

Orckestra C1 CMS is an open source web content management system CMS based on . A code issue vulnerability exists in Orckestra C1 CMS versions prior to 6.12 that allows an authenticated attacker to send arbitrary GET requests through the server to other servers on the local network or localhost...

7.6CVSS7.5AI score0.00734EPSS
Exploits0References3
OSV
OSV
added 2022/02/09 12:45 a.m.91 views

GHSA-FMJ2-7WX8-QJ4V Server-side request forgery (SSRF) in Apache XmlGraphics Commons

Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

8.2CVSS7.4AI score0.0665EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2022/02/09 12:45 a.m.80 views

Server-side request forgery (SSRF) in Apache XmlGraphics Commons

Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

8.2CVSS4.6AI score0.0665EPSS
Exploits0References12Affected Software1
OSV
OSV
added 2022/01/06 8:35 p.m.2 views

GHSA-2H63-QP69-FWVW Server-side request forgery (SSRF) in Apache Batik

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

8.2CVSS6.9AI score0.13635EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2021/04/19 12:0 a.m.36 views

Fedora 33 : xmlgraphics-commons (2021-c07a9e79cf)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-c07a9e79cf advisory. - Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a...

8.2CVSS7.4AI score0.0665EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/04/16 12:0 a.m.29 views

Fedora 33 : batik (2021-33a1b73e48)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-33a1b73e48 advisory. - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a...

8.2CVSS6.9AI score0.13635EPSS
Exploits0References2
OSV
OSV
added 2021/03/17 6:16 a.m.7 views

MGASA-2021-0139 Updated batik packages fix a security vulnerability

The Apache Batik library is vulnerable to SSRF via the NodePickerPanel that allow an attacker to cause the underlying server to make arbitrary GET requests CVE-2020-11987...

8.2CVSS8.1AI score0.13635EPSS
Exploits0References4
CNVD
CNVD
added 2021/02/26 12:0 a.m.6 views

Apache XmlGraphics Commons Server-Side Request Forgery Vulnerability

Apache XmlGraphics Commons is Apach open source a system library . Provides several reusable libraries. Apache XmlGraphics Commons 2.4 suffers from a server-side request forgery vulnerability that stems from the failure of XMPParser to properly validate inputs, which can be exploited by an attack...

8.2CVSS6.7AI score0.0665EPSS
Exploits0References1
CNVD
CNVD
added 2021/02/26 12:0 a.m.2 views

Apache Batik Server-Side Request Forgery Vulnerability

Apache Batik is Apach open source a system library . Provides scalable vector graphics SVG format images for various purposes applications or applets. Apache Batik version 1.13 suffers from a server-side request forgery vulnerability, which is caused by a failure of NodePanel to properly validate...

8.2CVSS6.8AI score0.13635EPSS
Exploits0References1
OSV
OSV
added 2021/02/24 6:15 p.m.2 views

DEBIAN-CVE-2020-11987

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

8.2CVSS6.7AI score0.13635EPSS
Exploits0References1
NVD
NVD
added 2021/02/24 6:15 p.m.24 views

CVE-2020-11987

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

8.2CVSS0.13635EPSS
Exploits0References13
OSV
OSV
added 2021/02/24 6:15 p.m.26 views

CVE-2020-11987

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

8.2CVSS6.6AI score
Exploits0References13
Prion
Prion
added 2021/02/24 6:15 p.m.29 views

Server side request forgery (ssrf)

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

6.4CVSS7.4AI score0.13635EPSS
Exploits0References12Affected Software22
CNNVD
CNNVD
added 2021/02/24 12:0 a.m.7 views

Apache XmlGraphics Commons 代码问题漏洞

Apache XmlGraphics Commons is Apach open source a system library . Provides several reusable libraries. Apache XmlGraphics Commons 2.4 suffers from a server-side request forgery vulnerability that stems from the failure of XMPParser to properly validate inputs, which can be exploited by an attack...

8.2CVSS6.9AI score0.0665EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 2020/12/16 12:11 p.m.4 views

batik: SSRF via "xlink:href"

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack SSRF via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...

7.5CVSS6.8AI score0.1074EPSS
Exploits0References4
OSV
OSV
added 2020/11/12 6:15 p.m.1 views

DEBIAN-CVE-2019-17566

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

7.5CVSS6.5AI score0.1074EPSS
Exploits0References1
OSV
OSV
added 2020/11/12 6:15 p.m.4 views

UBUNTU-CVE-2019-17566

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

7.5CVSS6.9AI score0.1074EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/11/05 6:48 p.m.9 views

batik: SSRF via "xlink:href"

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack SSRF via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...

7.5CVSS6.8AI score0.1074EPSS
Exploits0References4
OSV
OSV
added 2020/07/23 10:21 a.m.9 views

OPENSUSE-SU-2020:1043-1 Security update for xmlgraphics-batik

This update for xmlgraphics-batik fixes the following issues: - CVE-2019-17566: Fixed a SSRF which might have allowed the underlying server to make arbitrary GET requests bsc1172961. This update was imported from the SUSE:SLE-15-SP1:Update update project. This update was imported from the...

7.5CVSS7.7AI score0.1074EPSS
Exploits0References3
Rows per page
Query Builder