65 matches found
XML External Entity (XXE) Injection
peppolpy is vulnerable to XML External Entity XXE injection. The vulnerability is due to insecure Saxon XML parser configuration, where external entities are allowed during XML invoice validation, enabling attackers to read local files and exfiltrate their contents to a remote host...
CVE-2025-66371
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...
GHSA-24HM-WM2H-H8W7 Peppol-py is vulnerable to XXE attacks due to Saxon configuration
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...
Peppol-py is vulnerable to XXE attacks due to Saxon configuration
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...
CVE-2025-66371
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...
CVE-2025-66371
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...
EUVD-2025-199852
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...
CVE-2025-66371
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...
CVE-2025-66371
CVE-2025-66371 affects Peppol-py prior to 1.1.1. The issue is an XXE vulnerability caused by Saxon configuration that allows the XML parser to read local files during XML-based invoice validation, potentially exposing content to a remote host. Multiple sources (RedHat, CIRCL, OSV, NVD, Snyk, CNNV...
PT-2025-48313
Name of the Vulnerable Software and Affected Versions Peppol-py versions prior to 1.1.1 Description Peppol-py before version 1.1.1 contains a flaw due to the Saxon configuration that allows for XML External Entity XXE attacks. When processing XML-based invoices, the XML parser is susceptible to...
CVE-2025-66371
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...
Peppol-py 代码问题漏洞
Peppol-py is a Python library open-sourced by Iteras. A code issue vulnerability exists in Peppol-py versions prior to 1.1.1, which stems from a Saxon misconfiguration that could lead to an XXE attack...
CVE-2025-60198
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing...
EUVD-2025-38117
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing...
CVE-2025-60198
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing...
CVE-2025-60198 WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing...
CVE-2025-60198 WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing...
CVE-2025-60198
CVE-2025-60198 affects the WordPress plugin/theme Saxon – Viral Content Blog & Magazine Marketing WordPress Theme (Saxon) up to version 1.9.3. The issue is an improper control of the filename for include/require statements, enabling PHP Local File Inclusion. Affected component: Saxon theme (PHP c...
WordPress plugin Saxon 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-45271
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing...