2 matches found
GHSA-2JQJ-5QV2-XVCG ezsystems/ezplatform-richtext allows access to external entities in XML
Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...
GHSA-9J39-4686-M3C4 Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Impact File validation can be configured to reject certain files by file type. When this happens, validation fails, and the content can't be published. However, the file can be saved when saving the content draft. This means unwanted files can be present in storage, even if they are not easily...