GHSA-X3X3-QWJQ-8GJ4 Apache CXF Server-Side Request Forgery vulnerability
An SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...
PT-2022-27840
Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 3.5.5; Apache CXF versions prior to 3.4.10. Description: A Server-Side Request Forgery (SSRF) issue exists in the parsing of the href attribute of XOP:Include in MTOM requests. This allows an attacker to perform SSRF...
libxml2: Incorrect server side include parsing can lead to XSS
A Cross-site scripting (XSS) vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document...
RLSA-2022:7715 Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Incorrect server side include parsing can lead to XSS (CVE-2016-3709). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
Authorization Bypass
Spring Security Web is vulnerable to Authorization Bypass. The vulnerability exists in AuthorizationFilter because it incorrectly extends OncePerRequestFilter which allows an attacker to bypass authorization rules via forward or include dispatcher types...
The vulnerability of the `include/chart_generator.php` script of the Pandora Console component, a monitoring and management system for IT environments in the Pandora FMS framework. This script allows attackers to bypass security restrictions and execute arbitrary SQL code.
The vulnerability of the `include/chart_generator.php` implementation of the Pandora Console component in the Pandora FMS monitoring and management system is related to the lack of measures taken to protect the SQL query structure during the processing of the sessionid parameter. Exploiting this...
GHSA-MMMH-WCXM-2WR4 Spring Security authorization rules can be bypassed via forward or include dispatcher types
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...
UBUNTU-CVE-2022-31692
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...
The vulnerability of the Apache Struts software platform, related to improper code generation management, allows attackers to execute arbitrary code.
The vulnerability of the Apache Struts software framework is related to improper code generation during the processing of the includeParams attribute. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...
semba.keizai.biz Cross Site Scripting vulnerability OBB-2965164
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Sensio Labs Twig path traversal vulnerability
Sensio Labs Twig is a PHP templating engine from Sensio Labs, France, which supports custom tags and filters and creates DSLs. A path traversal vulnerability exists in Sensio Labs Twig 1.0.0 and later, versions prior to 1.44.7, 2.0.0 and later, versions prior to 2.15.3, and 3.0.0 and later,...
CVE-2022-40089
A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive `allow_url_include` is set to On...
The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.
The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform is related to incorrect code generation during the processing of the includeParams attribute. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a...
ms-mnhradiste.cz Cross Site Scripting vulnerability OBB-2878018
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aalborgstift.dk Cross Site Scripting vulnerability OBB-2841857
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nobull.com Cross Site Scripting vulnerability OBB-2749158
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Stored XSS via Deserialization of Stylesheets
Description: Diagram files can contain stylesheets which basically consist of key value pairs that influence the appearance of diagram elements. When adding a stylesheet (mxStylesheet element) it is possible to execute JavaScript code when used in combination with the internal include element. Usuall...
PHP Code Injection by malicious block or filename in Smarty
Impact: Template authors could inject PHP code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors should update asap. Patches: Please upgrade to the most recent version of Smarty v3 or v4. Workarounds: Is there a way for users to fix or remediate t...
GHSA-4HCH-R9XF-6VFR MJML vulnerable to path traversal
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...