CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...

5.3CVSS6.7AI score0.0025EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 6:55 p.m.•7 views

CVE-2021-46827

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals in online documentation generated using Oxygen XML WebHelp allows attackers to execute JavaScript by convincing a user to type specific...

6.1CVSS6.3AI score0.00669EPSS

Exploits0

RedhatCVE•added 2025/02/14 9:16 a.m.•6 views

CVE-2024-25662

Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting XSS for malicious URLs...

6.1CVSS5.9AI score0.0021EPSS

Exploits0References1

NVD•added 2024/05/14 3:5 p.m.•4 views

CVE-2024-25662

Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting XSS for malicious URLs...

6.1CVSS5.8AI score0.0021EPSS

Exploits0References1

Cvelist•added 2024/05/13 7:9 p.m.•11 views

CVE-2024-25662

Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting XSS for malicious URLs...

5.9AI score0.0021EPSS

Exploits0References1

CVE•added 2024/05/13 7:9 p.m.•116 views

CVE-2024-25662

CVE-2024-25662 affects Oxygen XML Web Author (prior to v26.0.0) and Oxygen Content Fusion (prior to v6.1). The vulnerability is Cross‑Site Scripting (XSS) triggered by malicious URLs, as described in multiple sources (e.g., Oxygen advisory). The core issue is an XSS exposure in handling URLs with...

6.1CVSS6AI score0.0021EPSS

Exploits0References1

Vulnrichment•added 2024/05/13 7:9 p.m.•11 views

CVE-2024-25662

Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting XSS for malicious URLs...

6AI score0.0021EPSS

Exploits0References1

Positive Technologies•added 2024/05/13 12:0 a.m.•2 views

PT-2024-21079 · Syncro Soft · Oxygen Xml Web Author +1

Name of the Vulnerable Software and Affected Versions: Oxygen XML Web Author versions prior to 26.0.0 Oxygen Content Fusion versions prior to 6.1 Description: The issue allows for Cross-Site Scripting XSS attacks using malicious URLs. Recommendations: For Oxygen XML Web Author versions prior to...

6.1CVSS6.3AI score0.0021EPSS

Exploits0References2

NVD•added 2023/04/14 1:15 p.m.•8 views

CVE-2023-26559

5.3CVSS5.1AI score0.0025EPSS

Exploits0References2

Prion•added 2023/04/14 1:15 p.m.•12 views

Directory traversal

5CVSS5.1AI score0.0025EPSS

Exploits0References2Affected Software2

Vulnrichment•added 2023/04/14 12:0 a.m.•6 views

CVE-2023-26559

6.7AI score0.0025EPSS

Exploits0References2

Cvelist•added 2023/04/14 12:0 a.m.•10 views

CVE-2023-26559

5.4AI score0.0025EPSS

Exploits0References2

CNNVD•added 2023/04/14 12:0 a.m.•3 views

Syncro Soft Oxygen XML WebHelp 路径遍历漏洞

Syncro Soft Oxygen XML WebHelp is for converting DITA and DocBook resources to WebHelp output from Syncro Soft Romania. A security vulnerability exists in Oxygen XML Web Author versions prior to 25.0.0.3 build 2023021715, Oxygen Content Fusion versions prior to 5.0.3 build 2023022015, which...

5.3CVSS5.8AI score0.0025EPSS

Exploits0References3

CVE•added 2023/04/14 12:0 a.m.•56 views

CVE-2023-26559

The CVE-2023-26559 entry describes a directory traversal flaw in Syncro Soft Oxygen XML Web Author (pre-25.0.0.3 build 2023021715) and Oxygen Content Fusion (pre-5.0.3 build 2023022015) that lets an attacker read files under WEB-INF via a crafted HTTP request. Affected versions include XML Web Au...

5.3CVSS5.1AI score0.0025EPSS

Exploits0References2Affected Software2