6 matches found
CVE-2026-24838 DotNetNuke.Core Vulnerable to Stored XSS via Module Title
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, the module title supports rich text, which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...
XML External Entity (XXE) Injection
RichText is vulnerable to XML External Entity (XXE) Injection. The vulnerability stems from improper input validation: unsafe XML elements are processed in user-editable RichText fields, allowing attackers with edit permissions to read server files...
GHSA-CJ3W-G42V-WCJ6 ibexa/fieldtype-richtext allows access to external entities in XML
Impact: This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity (XXE) injection, which might be able to read files on the server. To exploit this...
GHSA-2JQJ-5QV2-XVCG ezsystems/ezplatform-richtext allows access to external entities in XML
Impact: This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity (XXE) injection, which might be able to read files on the server. To exploit this...
ezsystems/ezplatform-richtext allows access to external entities in XML
Impact: This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity (XXE) injection, which might be able to read files on the server. To exploit this...
PT-2025-15997 · Packagist · Ezsystems/Ezplatform-Richtext
Impact: This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity (XXE) injection, which might be able to read files on the server. To exploit this...