6 matches found
CVE-2021-37823
OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background...
XML External Entity (XXE) Injection
RichText is vulnerable to XML External Entity (XXE) Injection. The vulnerability stems from improper input validation: unsafe XML elements are processed in user-editable RichText fields, allowing attackers with edit permissions to read server files...
XML External Entity (XXE) Injection
ibexa/fieldtype-richtext is vulnerable to XML External Entity (XXE) Injection. The vulnerability stems from improper XML input sanitization: unsafe elements are allowed in RichText XML, potentially enabling attackers to read server files...
Arbitrary File Read
moodle/moodle is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient input sanitization in the TeX notation filter, which allows an attacker to exploit pdfTeX to read arbitrary files on the server...
JPress suffers from an XML entity injection vulnerability (CNVD-2021-30396)
JPress is a product developed using Java, similar to WordPress. JPress has an XML entity injection vulnerability that can be exploited by an attacker to read server files...
JPress suffers from an XML entity injection vulnerability
JPress is a product developed using Java, similar to WordPress. JPress has an XML entity injection vulnerability that can be exploited by an attacker to read server files...