2 matches found
Nuxeo <10.3 - Remote Code Execution
Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection. id: CVE-2018-16341 info: name: Nuxeo 10.3 - Remote Code Execution author: madrobot severity: high description: | Nuxeo prior to version 10.3 is susceptible to a...
Nuxeo NuxeoUnknownResource Expression Language Injection (CVE-2018-16341)
An Expression Language injection vulnerability exist in Nuxeo Content Management System. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server...