29 matches found
PT-2025-22881 · Fess · Fess
Name of the Vulnerable Software and Affected Versions: Fess versions prior to 14.19.2 Description: The issue primarily affects environments where Fess is deployed in a shared or multi-user context, potentially leading to information disclosure. This could allow unauthorized local users to access...
XML External Entity Injection (XXE)
Fess is vulnerable to XML external entity injection XXE. The library does not prevent the GSA XML file parser from processing the malicious GSA XML files injected by the attacker...
XML External Entity (XXE) vulnerability in codelibs fess
codelibs fess version before commit faa265b contains a XML External Entity XXE vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This...
GHSA-77HP-PFXW-4W63 XML External Entity (XXE) vulnerability in codelibs fess
codelibs fess version before commit faa265b contains a XML External Entity XXE vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This...
Xxe
codelibs fess version before commit faa265b contains a XML External Entity XXE vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This...
CVE-2018-1000822
codelibs fess version before commit faa265b contains a XML External Entity XXE vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This...
CVE-2018-1000822
codelibs fess version before commit faa265b contains a XML External Entity XXE vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This...
CVE-2018-1000822
CVE-2018-1000822 : The vulnerability affects codelibs fess version before the commit faa265b, where the GSA XML file parser is vulnerable to XML External Entity (XXE). This can lead to disclosure of confidential data, denial of service, SSRF, and port scanning when processing specially crafted GS...
CVE-2018-1000822
codelibs fess version before commit faa265b contains a XML External Entity XXE vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This...