93 matches found
UBUNTU-CVE-2015-20108
xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...
Cross-site Scripting (XSS)
cacti is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the improper escaping of error message during template import preview in the xmlpath field in the templatesimport.php, allowing an attacker to inject and execute malicious javascript...
CVE-2023-26261
In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...
GHSA-WRX5-RP7M-MM49 Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions
This advisory has been withdrawn due to the CVE being rejected. Original advisory text Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile and...
KenSite SQL注入漏洞
KenSite is SeeYoui individual developers based on a number of excellent open source projects , highly integrated and packaged into an efficient , high-performance , strong security of the open source Java EE rapid development platform . KenSite v1.0 version of a security vulnerability , the...
XPath Injection Authentication Bypass
XML Path Language XPath queries are used by web applications for selecting nodes from XML documents. Once selected, the value of these nodes can then be used by the application. A simple example for the use of XML documents is to store user information. As part of the authentication process, the...
CVE-2022-34812
A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...
Jenkins Plugin XPath Configuration Viewer 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins XPath Configuration Viewer has a security vulnerability that stems...
GHSA-QJ27-W92H-FC9R XML external entity (XXE) vulnerability in Jenkins
XML external entity XXE vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query...
USN-5388-1 openjdk-lts vulnerabilities
It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. CVE-2022-21426 It was discovered that OpenJDK incorrectly handled converting certain object arguments into their...
CVE-2022-24309
A vulnerability has been identified in Mendix Runtime V7 All versions V7.23.29, Mendix Runtime V8 All versions V8.18.16, Mendix Runtime V9 All versions V9.13 only with Runtime Custom Setting DataStorage.UseNewQueryHandler set to False. If an entity has an association readable by the user, then in...
Cacti cross-site scripting vulnerability (CNVD-2020-66087)
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A cross-site scripting vulnerability exists in Cacti version 1.2.13...
Cacti < 1.2.14 XSS Vulnerability - Linux
Cacti is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2020-25706
A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...
Cross site scripting
A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2019-0370
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection...
CVE-2018-19546
JTBCPHP 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter...
Sophos Endpoint Protection Plaintext Password Disclosure Vulnerability
Sophos Endpoint Protection helps protect your workstation by adding prevention, detection and response technologies to your operating system. A plaintext password disclosure vulnerability exists in Sophos Endpoint Protection 10.7. The vulnerability arises because Sophos Endpoint Protection uses...
CVE-2017-12439
SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xmlpath HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated...