Lucene search
K

4 matches found

redhatcve
redhatcve
added 2023/12/05 12:40 p.m.52 views

CVE-2023-49093

A flaw was found in HTMLUnit. Fetching external resources may be possible for XSLT processors with the Feature for Secure Processing disabled FSP, allowing code injection and arbitrary code execution. HTMLUnit is vulnerable to this type of attack by default...

8.8CVSS7.7AI score0.02378EPSS
Exploits1References4
vulnersosv
vulnersosv
added 2023/12/04 11:13 p.m.8 views

ca.uhn.hapi.fhir:hapi-fhir-docs (>=7.6.0 <=7.6.1), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-elastic-test-utilities (>=7.6.0 <=7.6.1) +77 more potentially affected by CVE-2023-49093 via org.htmlunit:htmlunit (>=3.0.0 <=3.8.0)

org.htmlunit:htmlunit MAVEN version =3.0.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =1.1.17, =1.1.17, =1.1.17, =1.0.69, =1.0.71, =1.6.0, =1.6.2 - com.nordstrom.ui-tools:selenium-foundation =28.0.1-s4 - com.outr:robobrowser2.13 =1.6.0 and more Source cves: CVE-2023-49093 Source advisory:...

9.8CVSS7.1AI score0.02378EPSS
Exploits1
cvelist
cvelist
added 2023/12/04 4:47 a.m.44 views

CVE-2023-49093 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0...

9.8CVSS9.9AI score0.02378EPSS
Exploits1References2
cve
cve
added 2023/12/04 4:47 a.m.180 views

CVE-2023-49093

HtmlUnit (Java GUI-less browser) is affected by CVE-2023-49093 where an RCE can be triggered via an XSLT processing flaw when loading attacker-controlled content. The issue stems from XSLT processing not enforcing secure processing, enabling remote code execution on a vulnerable system. A patch i...

9.8CVSS9.3AI score0.02378EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder