95 matches found
Apache Text4Shell and others update for Teradici Cloud Access Connector
HP has provided updated versions of Teradici Cloud Access Connector that remediate vulnerabilities found in Apache Commons Text Text4Shell prior to 1.10.0, Apache Commons BCEL prior to 6.6.0, Apache Commons Configuration prior to 2.7, and ESAPI The OWASP Enterprise Security API prior to 2.3.0.0...
GHSA-W3VW-CCC5-QR8V Use After Free in Context::start_auth_session
Impact This issue only applies to applications starting authorization sessions using an explicit initial nonce. When Context::startauthsession was called with a nonce argument value of Some..., the nonce pointer passed down through FFI to EsysStartAuthSession would be a dangling pointer, left ove...
Use After Free in Context::start_auth_session
Impact This issue only applies to applications starting authorization sessions using an explicit initial nonce. When Context::startauthsession was called with a nonce argument value of Some..., the nonce pointer passed down through FFI to EsysStartAuthSession would be a dangling pointer, left ove...
GHSA-JCP9-796G-PV9P Missing Cryptographic Step in OWASP Enterprise Security API for Java
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...
cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +233 more potentially affected by CVE-2013-5960 via org.owasp.esapi:esapi (>=2.0.1 <=2.1.0)
org.owasp.esapi:esapi MAVEN version =2.0.1, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1 - com.acooly:acooly-component-certification =5.2.1 -...
OWASP ESAPI Cross-Site Scripting Vulnerability
OWASP ESAPI is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. cross-site scripting vulnerabilities exist in versions of OWASP ESAPI prior to 2.3.0.0, which originate from the " onsiteURL" regular expression erro...
Cross-site Scripting (XSS)
esapi is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization use in the onsiteURL regular expression of antisamy-esapi.xml, allowing an attacker to inject and execute malicious javascript...
CVE-2022-24891
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
Cross site scripting
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
CVE-2022-24891
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
UBUNTU-CVE-2022-24891
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
GHSA-Q77Q-VX4Q-XX6Q Cross-site Scripting in org.owasp.esapi:esapi
Impact There is a potential for an XSS vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configuration file that can cause URLs with the "javascript:" scheme to NOT be sanitized. See the reference below for full details. Patches Patched in...
cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +516 more potentially affected by CVE-2022-24891 via org.owasp.esapi:esapi (>=2.0GA <=2.2.3.1)
org.owasp.esapi:esapi MAVEN version =2.0GA, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - cn.dceast.platform:platform-security-starter =2.2.3 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1...
Cross-site Scripting in org.owasp.esapi:esapi
Impact There is a potential for an XSS vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configuration file that can cause URLs with the "javascript:" scheme to NOT be sanitized. See the reference below for full details. Patches Patched in...
cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +516 more potentially affected by CVE-2022-23457 via org.owasp.esapi:esapi (>=2.0GA <=2.2.3.1)
org.owasp.esapi:esapi MAVEN version =2.0GA, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - cn.dceast.platform:platform-security-starter =2.2.3 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1...
Path traversal in the OWASP Enterprise Security API
Impact The default implementation of Validator.getValidDirectoryPathString, String, File, boolean may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire...
CVE-2022-24891 Cross-site Scripting in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
CVE-2022-24891 Cross-site Scripting in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
CVE-2022-24891
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
PT-2022-16962
Name of the Vulnerable Software and Affected Versions ESAPI versions prior to 2.3.0.0 Description There is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for onsiteURL in the antisamy-esapi.xml configuration file. This can cause javascript:...