2 matches found
PT-2024-25802 · Unknown · CycloneDX JavaScript Library
Name of the Vulnerable Software and Affected Versions: CycloneDX JavaScript library version 6.7.0. Description: The CycloneDX JavaScript library is vulnerable to XML External Entity (XXE) injections when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1. To...
DEBIAN-CVE-2016-7980
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted validerxml request. NOTE: this issue can be combin...