The vulnerability of HtmlUnit, a web browser without a graphical interface, is related to improper code generation. This allows attackers to execute arbitrary code.
The vulnerability of HtmlUnit, a browser without a graphical interface, is related to incorrect code generation. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.28 / 5.4.x < 5.4.12 / 5.5.x < 5.11.3 / 5.12.0 (JSDSERVER-14873)
The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14873 advisory. - HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input...
CVE-2023-49093
A flaw was found in HtmlUnit. Fetching external resources may be possible for XSLT processors with the Feature for Secure Processing (FSP) disabled, allowing code injection and arbitrary code execution. HtmlUnit is vulnerable to this type of attack by default...
Arbitrary Code Execution
HtmlUnit is vulnerable to Arbitrary Code Execution. The vulnerability exists in the transform function in XSLProcessor.java because the FEATURE_SECURE_PROCESSING configuration is not enabled in the MSXML XSLProcessor, which allows an attacker to inject and execute arbitrary code when visiting an...
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Summary: HtmlUnit 3.8.0 is vulnerable to Remote Code Execution (RCE) via XSTL when browsing the attacker’s webpage. Details: Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessor#transform(org.htmlunit.activex.javascript.msxml.XMLDOMNode). The reason for the vulnerability is th...
ca.uhn.hapi.fhir:hapi-fhir-docs (>=7.6.0 <=7.6.1), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-elastic-test-utilities (>=7.6.0 <=7.6.1) +77 more potentially affected by CVE-2023-49093 via org.htmlunit:htmlunit (>=3.0.0 <=3.8.0)
org.htmlunit:htmlunit MAVEN version =3.0.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =1.1.17, =1.1.17, =1.1.17, =1.0.69, =1.0.71, =1.6.0, =1.6.2 - com.nordstrom.ui-tools:selenium-foundation =28.0.1-s4 - com.outr:robobrowser2.13 =1.6.0 and more Source cves: CVE-2023-49093 Source advisory:...
GHSA-37VQ-HR2F-G7H7 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Summary: HtmlUnit 3.8.0 is vulnerable to Remote Code Execution (RCE) via XSTL when browsing the attacker’s webpage. Details: Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessor#transform(org.htmlunit.activex.javascript.msxml.XMLDOMNode). The reason for the vulnerability is th...
CVE-2023-49093
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0...
UBUNTU-CVE-2023-49093
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0...
Remote code execution
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0...
CVE-2023-49093 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0...
CVE-2023-49093
Removed by vendor...
CVE-2023-49093 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0...
CVE-2023-49093 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0...
CVE-2023-49093
HtmlUnit (Java GUI-less browser) is affected by CVE-2023-49093 where an RCE can be triggered via an XSLT processing flaw when loading attacker-controlled content. The issue stems from XSLT processing not enforcing secure processing, enabling remote code execution on a vulnerable system. A patch i...
HtmlUnit Security Vulnerability
HtmlUnit is an open source Java page analysis tool. After it reads a page, you can use HtmlUnit to analyze the content on that page. HtmlUnit versions before 3.9.0 have a security vulnerability. Attackers can exploit the vulnerability to remotely execute code...
CVE-2023-49093
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0...
PT-2023-8404 · Htmlunit · Htmlunit
Name of the Vulnerable Software and Affected Versions: HtmlUnit versions prior to 3.9.0. Description: HtmlUnit is a GUI-less browser for Java programs that is vulnerable to Remote Code Execution (RCE) via XSTL when browsing an attacker's webpage. The reason for the vulnerability is that the FEATURE...
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Atlassian Confluence 7.13.x / 8.1.x / 8.2.x / 8.3.x / 8.6.0 < 8.6.1 (CONFSERVER-93169)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93169 advisory. - Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory...