Lucene search
K

7 matches found

Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.6 views

PT-2023-24198 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions 3.0.0 through 3.3.4 Description: Xibo is a content management system CMS that has an issue where some API routes print a stack trace when called with missing or invalid parameters, revealing sensitive information about the...

5.3CVSS5AI score0.00538EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.4 views

PT-2023-24197 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions 3.2.0 through 3.3.2 Description: A SQL injection issue was discovered in the /display/map API route, allowing an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values into the bounds...

6.5CVSS6.6AI score0.00621EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.6 views

PT-2023-24195 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions 3.2.0 through 3.3.4 Description: A SQL injection issue was discovered in the nameFilter function, allowing an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical...

6.5CVSS6.7AI score0.00621EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/03/01 12:0 a.m.7 views

PT-2022-17501 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 3.3.5 Mautic versions prior to 4.2.0 Description: The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. However, th...

9.1CVSS7.2AI score0.00502EPSS
Exploits0References7
OSV
OSV
added 2019/06/14 4:26 p.m.5 views

GHSA-V2P6-4MP7-3R9V Regular Expression Denial of Service in underscore.string

Versions of underscore.string prior to 3.3.5 are vulnerable to Regular Expression Denial of Service ReDoS. The function unescapeHTML is vulnerable to ReDoS due to an overly-broad regex. The slowdown is approximately 2s for 50,000 characters but grows exponentially with larger inputs. Recommendati...

5.9AI score
Exploits0References4
OSV
OSV
added 2018/10/19 4:42 p.m.2 views

GHSA-P99P-726H-C8V5 Apache juddi-client vulnerable to XML External Entity (XXE)

In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use...

8.1CVSS5.9AI score0.01703EPSS
Exploits0References4
OSV
OSV
added 2018/02/09 7:29 p.m.4 views

CVE-2018-1307

In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use...

8.1CVSS5.8AI score0.01703EPSS
Exploits0References2
Rows per page
Query Builder