26 matches found
UBUNTU-CVE-2019-10186
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey CSRF token was not being utilised by the XML loading/unloading admin tool...
CVE-2019-10186
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey CSRF token was not being utilised by the XML loading/unloading admin tool...
PT-2019-11610 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.7.1 Moodle versions prior to 3.6.5 Moodle versions prior to 3.5.7 Description: A flaw was found in the XML loading/unloading admin tool where a sesskey CSRF token was not being utilized. Recommendations: For version...
CVE-2018-8940
ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load and parse the...
CVE-2018-8940
ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load and parse the...
CVE-2017-12620
When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache...