11 matches found
Hippo CMS XML External Entity Information Disclosure Vulnerability
Hippo CMS is an open source, information-centered content management system. It has a friendly interface, is an open system, and can be integrated into existing systems. XML External Entity (XXE) processing occurs through SVG image uploads in the CMS and through XML import in the CMS Console...
Hippo CMS Cross-Site Scripting Vulnerability
Hippo CMS is an open source Java CMS. A cross-site scripting vulnerability exists in Hippo CMS versions 10.1, 7.9, and 7.8 Enterprise Edition. The failure to filter the POST parameters "groupname" and "description" allows an attacker to insert malicious code...
Hippo CMS: source code security analysis report
Several vulnerabilities were discovered in Hippo 'Hippo CMS' software: Using XSL Transformation to Execute Any Code; Violating the Java Object Model; Missing XML document schema validation; Using Broken or Risky Cryptographic Algorithm; Incorrect Permissions for External Entities During XML Document...
Hippo CMS 10.1 - Multiple Vulnerabilities
Exploit for Java platform in category web applications. Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We buil...
Hippo CMS 10.1 - Multiple Vulnerabilities
Hippo CMS 10.1 - Multiple Vulnerabilities Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We built it so you...
Hippo CMS 10.1 - Multiple Vulnerabilities
Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing...
Hippo CMS 10.1 XML External Entity Information Disclosure
Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing...
Hippo CMS 10.1 Stored Cross Site Scripting
Hippo CMS 10.1 Stored Cross-Site Scripting Vulnerability
Summary: Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing architecture. Description: Hippo CMS suffers from a stored XSS vulnerability. Input passed through the POST parameters 'groupname' and 'description' is not sanitized, allowing the attacker to...
Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability
Summary: Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing architecture. Description: XXE (XML External Entity) processing through upload of SVG images in the CMS, and through XML import in the CMS Console application. Hippo CMS 10.1 XML External Enti...
Hippo CMS 7.9.7 Enterprise Edition CRLF Injection
Affected software: Hippo CMS Type of vulnerability: CRLF URL: https://cms.demo.onehippo.com Discovered by: provensec Website: provensec.com Version: CMS 7.9.7 Enterprise Edition Proof of concept payload: advanced%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-...