Lucene search
K

93 matches found

OSV
OSV
added 2023/05/27 7:15 p.m.36 views

UBUNTU-CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

9.8CVSS7.7AI score0.01332EPSS
Exploits0References6
Veracode
Veracode
added 2023/03/12 4:6 p.m.40 views

Cross-site Scripting (XSS)

cacti is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the improper escaping of error message during template import preview in the xmlpath field in the templatesimport.php, allowing an attacker to inject and execute malicious javascript...

6.1CVSS6.5AI score0.02783EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/03/08 3:15 p.m.7 views

CVE-2023-26261

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...

9.8CVSS7.3AI score0.0084EPSS
Exploits0References2
OSV
OSV
added 2022/10/06 6:52 p.m.7 views

GHSA-WRX5-RP7M-MM49 Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions

This advisory has been withdrawn due to the CVE being rejected. Original advisory text Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile and...

9.8CVSS7.6AI score
Exploits1References5
CNNVD
CNNVD
added 2022/08/26 12:0 a.m.4 views

KenSite SQL注入漏洞

KenSite is SeeYoui individual developers based on a number of excellent open source projects , highly integrated and packaged into an efficient , high-performance , strong security of the open source Java EE rapid development platform . KenSite v1.0 version of a security vulnerability , the...

8.8CVSS7.9AI score0.00888EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/07/18 12:0 a.m.35 views

XPath Injection Authentication Bypass

XML Path Language XPath queries are used by web applications for selecting nodes from XML documents. Once selected, the value of these nodes can then be used by the application. A simple example for the use of XML documents is to store user information. As part of the authentication process, the...

7.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/30 6:15 p.m.2 views

CVE-2022-34812

A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

4.3CVSS5.8AI score0.00454EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.5 views

Jenkins Plugin XPath Configuration Viewer 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins XPath Configuration Viewer has a security vulnerability that stems...

4.3CVSS5.6AI score0.00557EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 5:6 p.m.9 views

GHSA-QJ27-W92H-FC9R XML external entity (XXE) vulnerability in Jenkins

XML external entity XXE vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query...

7.5CVSS6AI score0.01414EPSS
Exploits0References3
OSV
OSV
added 2022/04/26 11:49 a.m.3 views

USN-5388-1 openjdk-lts vulnerabilities

It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. CVE-2022-21426 It was discovered that OpenJDK incorrectly handled converting certain object arguments into their...

7.5CVSS6.3AI score0.04046EPSS
Exploits0References6
OSV
OSV
added 2022/03/08 12:15 p.m.3 views

CVE-2022-24309

A vulnerability has been identified in Mendix Runtime V7 All versions V7.23.29, Mendix Runtime V8 All versions V8.18.16, Mendix Runtime V9 All versions V9.13 only with Runtime Custom Setting DataStorage.UseNewQueryHandler set to False. If an entity has an association readable by the user, then in...

8.1CVSS5.7AI score0.00577EPSS
Exploits0References2
CNVD
CNVD
added 2020/11/19 12:0 a.m.2 views

Cacti cross-site scripting vulnerability (CNVD-2020-66087)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A cross-site scripting vulnerability exists in Cacti version 1.2.13...

6.1CVSS8.9AI score0.02783EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2020/11/13 12:0 a.m.20 views

Cacti < 1.2.14 XSS Vulnerability - Linux

Cacti is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS7.4AI score0.02783EPSS
Exploits1References1
OSV
OSV
added 2020/11/12 2:15 p.m.1 views

DEBIAN-CVE-2020-25706

A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...

6.1CVSS7.1AI score0.02783EPSS
Exploits1References1
Prion
Prion
added 2020/11/12 2:15 p.m.24 views

Cross site scripting

A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...

4.3CVSS5.9AI score0.02783EPSS
Exploits1References4Affected Software2
RedHat Linux
RedHat Linux
added 2019/10/21 7:2 p.m.6 views

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS7.4AI score0.03749EPSS
Exploits0References4
OSV
OSV
added 2019/10/08 8:15 p.m.5 views

CVE-2019-0370

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection...

6.5CVSS6.6AI score0.00721EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/11/26 7:29 a.m.3 views

CVE-2018-19546

JTBCPHP 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter...

8.8CVSS5.4AI score0.00544EPSS
Exploits1References3
CNVD
CNVD
added 2018/04/09 12:0 a.m.9 views

Sophos Endpoint Protection Plaintext Password Disclosure Vulnerability

Sophos Endpoint Protection helps protect your workstation by adding prevention, detection and response technologies to your operating system. A plaintext password disclosure vulnerability exists in Sophos Endpoint Protection 10.7. The vulnerability arises because Sophos Endpoint Protection uses...

7.8CVSS6.8AI score0.01744EPSS
Exploits5References1
OSV
OSV
added 2017/08/05 3:29 p.m.4 views

CVE-2017-12439

SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xmlpath HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated...

7.5CVSS5.2AI score0.00639EPSS
Exploits1References1
Rows per page
Query Builder