xwiki-platform-web-templates vulnerable to Eval Injection

Impact Any user with edit rights on a page e.g., it's own user page, can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the information loaded from attachments in imported.vm, importinline.vm, and...

SUSE CVE-2007-1349

PerlRun.pm in Apache modperl before 1.30, and RegistryCooker.pm in modperl 2.x, does not properly escape PATHINFO before use in a regular expression, which allows remote attackers to cause a denial of service resource consumption via a crafted URI...

CVE-2022-41240

Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide malicious API responses from Walti...

GHSA-C8MG-WP7H-F2PF Subrion CMS XSS

Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas...