18 matches found
EUVD-2024-22978
Malicious code in bioql PyPI...
EUVD-2023-30354
Malicious code in bioql PyPI...
CVE-2023-26559
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...
CVE-2024-25662
Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting XSS for malicious URLs...
CVE-2024-25662
Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting XSS for malicious URLs...
Oxygen XML Web Author 安全漏洞
SyncRO Soft Oxygen XML Web Author is an XML editor from SyncRO Soft. A security vulnerability exists in Oxygen XML Web Author version v26.0.0 and earlier, and Oxygen Content Fusion version v6.1 and earlier. An attacker could exploit this vulnerability to conduct cross-site scripting attacks...
CVE-2024-25662
Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting XSS for malicious URLs...
CVE-2024-25662
CVE-2024-25662 affects Oxygen XML Web Author (prior to v26.0.0) and Oxygen Content Fusion (prior to v6.1). The vulnerability is Cross‑Site Scripting (XSS) triggered by malicious URLs, as described in multiple sources (e.g., Oxygen advisory). The core issue is an XSS exposure in handling URLs with...
CVE-2024-25662
Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting XSS for malicious URLs...
PT-2024-21079 · Syncro Soft · Oxygen Xml Web Author +1
Name of the Vulnerable Software and Affected Versions: Oxygen XML Web Author versions prior to 26.0.0 Oxygen Content Fusion versions prior to 6.1 Description: The issue allows for Cross-Site Scripting XSS attacks using malicious URLs. Recommendations: For Oxygen XML Web Author versions prior to...
CVE-2023-26559
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...
CVE-2023-26559
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...
Directory traversal
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...
CVE-2023-26559
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...
PT-2023-20727 · Syncro Soft · Oxygen Content Fusion +1
Name of the Vulnerable Software and Affected Versions: Oxygen XML Web Author versions prior to 25.0.0.3 build 2023021715 Oxygen Content Fusion versions prior to 5.0.3 build 2023022015 Description: A directory traversal issue allows an attacker to read files from a WEB-INF directory via a crafted...
Syncro Soft Oxygen XML WebHelp 路径遍历漏洞
Syncro Soft Oxygen XML WebHelp is for converting DITA and DocBook resources to WebHelp output from Syncro Soft Romania. A security vulnerability exists in Oxygen XML Web Author versions prior to 25.0.0.3 build 2023021715, Oxygen Content Fusion versions prior to 5.0.3 build 2023022015, which...
CVE-2023-26559
The CVE-2023-26559 entry describes a directory traversal flaw in Syncro Soft Oxygen XML Web Author (pre-25.0.0.3 build 2023021715) and Oxygen Content Fusion (pre-5.0.3 build 2023022015) that lets an attacker read files under WEB-INF via a crafted HTTP request. Affected versions include XML Web Au...
CVE-2023-26559
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...