7 matches found
PT-2023-24198 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions 3.0.0 through 3.3.4 Description: Xibo is a content management system CMS that has an issue where some API routes print a stack trace when called with missing or invalid parameters, revealing sensitive information about the...
PT-2023-24197 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions 3.2.0 through 3.3.2 Description: A SQL injection issue was discovered in the /display/map API route, allowing an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values into the bounds...
PT-2023-24195 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions 3.2.0 through 3.3.4 Description: A SQL injection issue was discovered in the nameFilter function, allowing an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical...
PT-2022-17501 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 3.3.5 Mautic versions prior to 4.2.0 Description: The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. However, th...
GHSA-V2P6-4MP7-3R9V Regular Expression Denial of Service in underscore.string
Versions of underscore.string prior to 3.3.5 are vulnerable to Regular Expression Denial of Service ReDoS. The function unescapeHTML is vulnerable to ReDoS due to an overly-broad regex. The slowdown is approximately 2s for 50,000 characters but grows exponentially with larger inputs. Recommendati...
GHSA-P99P-726H-C8V5 Apache juddi-client vulnerable to XML External Entity (XXE)
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use...
CVE-2018-1307
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use...