346 matches found
Entity Reference Tree Widget - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-026
This module provides an entity relationship hierarchy tree widget for an entity reference field. The module doesn't sufficiently filter on output, leading to a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to...
CVE-2022-21205
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access...
GHSA-75VW-3M5V-FPRH corenlp is vulnerable to Improper Restriction of XML External Entity Reference
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
CVE-2022-0239
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
CVE-2022-0239
The CVE-2022-0239 entry pertains to Stanford CoreNLP (corenlp) with an XML External Entity (XXE) processing flaw. Root cause: SchemaFactory is created without secure processing enabled and is used to validate XML against a schema, enabling XXE when processing malicious XML. Impact (per public rec...
PT-2022-13058
Name of the Vulnerable Software and Affected Versions: corenlp (affected versions not specified). Description: The issue is related to Improper Restriction of XML External Entity Reference. No information is provided about the estimated number of potentially affected devices or real-world incidents...
Debian DSA-5047-1 : prosody - security update
The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5047 advisory. Matthew Wild discovered that the WebSockets code in Prosody, a lightweight Jabber/XMPP server, was susceptible to denial of service. For the oldstable distribution...
CVE-2022-0198
The CVE-2022-0198 entry concerns Stanford CoreNLP (stanfordnlp/corenlp) and an XML External Entity (XXE) vulnerability. Affected component: CoreNLP’s XML processing via TransformXML()/XML parsing paths, leading to improper restriction of external entities. Potential impact (per sources): reading ...
CVE-2022-0198 Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
GHSA-Q4XF-3PMQ-3HW8 Improper Restriction of XML External Entity Reference in Apache NiFi
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...
CVE-2021-3836
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference...
CVE-2021-3836 Improper Restriction of XML External Entity Reference in dbeaver/dbeaver
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference...
VISAM VBASE Editor
1. EXECUTIVE SUMMARY: CVSS v3 7.4; ATTENTION: Exploitable remotely/low attack complexity; Vendor: VISAM; Equipment: VBASE; Vulnerabilities: Improper Access Control, Cross-site Scripting, Improper Restriction of XML External Entity Reference, Using Components with Known Vulnerabilities. 2. RISK...
Stanford CoreNlp Code Issue Vulnerability
Stanford CoreNlp is a set of open source, natural language analysis tools written in Java by the Stanford Nlp Group team. A security vulnerability exists in Stanford CoreNlp that stems from an improperly restricted XML external entity reference...
CVE-2021-3878
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
CVE-2021-3878 Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
CVE-2021-3878
CVE-2021-3878 affects Stanford CoreNLP: XML External Entity (XXE) processing vulnerability in readDocument() via DomReader.java. An unauthenticated, network-based attacker could exploit this to read arbitrary files, cause DoS, SSRF, port scanning, or other system impacts as indicated by the descr...
CVE-2021-41098
An XML External Entity Reference (XXE) vulnerability was found in the RubyGem Nokogiri on JRuby, the Java implementation of Ruby. If an attacker is able to insert untrusted XML input containing a reference to an external entity, it is processed by a weakly configured SAX parser, resulting in disclosure of...
GHSA-7QFM-6M33-RGG9 XML External Entity Reference
An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import...