USN-8240-1: Swish-e vulnerabilities

It was discovered that Expat, vendored in Swish-e incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2022-25235, CVE-2022-25236...

swishe-xss.txt

--------------------------------------------------------- Portal Name: Swish-e Vendor : http://Swish-e.org Vulnerable File : iucrsearch Dork: Powered by Swish-e swish-e.org Author : PouyaServer , [email protected] Vulnerability : XSS Cross site scripting...