8 matches found
Adobe ColdFusion XML External Entity References Improperly Restricted Vulnerability (CNVD-2026-0494343)
Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an improperly restricted XML external entity...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper validation of user input in the datacode, datalang0key, datalang0value, datalang1key, and datatitle parameters within the /apprain/developer/language/default.xml process. An attacker can execute...
CVE-2025-41041 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/default.x...
CVE-2025-41041 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/default.x...
CVE-2023-27652
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the updateinfo field of the default.xml file...
Design/Logic Flaw
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the updateinfo field of the default.xml file...
CVE-2023-27652
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the updateinfo field of the default.xml file...
Apache Struts 2 vulnerable to denial-of-service (DoS)
Overview Apache Struts 2 provided by The Apache Software Foundation contains a denial-of-service DoS vulnerability CWE-400. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...