
5 matches found

Github Security Blog
added 2022/05/24 5:0 p.m. | 32 views

Magento 2 Community Edition XML Injection

An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...

9.8 CVSS | 9.5 AI score | 0.01285 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2022/05/24 5:0 p.m. | 9 views

GHSA-8P5C-F836-M4H7 Magento 2 Community Edition XML Injection

An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...

9.8 CVSS | 9.4 AI score | 0.01285 EPSS
Exploits: 0 | References: 5
NVD
added 2019/11/06 1:15 a.m. | 24 views

CVE-2019-8158

An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...

9.8 CVSS | 9.4 AI score | 0.01285 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2013/12/16 6:16 p.m. | 4 views

Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different...

7.5 CVSS | 5.8 AI score | 0.114 EPSS
Exploits: 0 | References: 4
OSV
added 2013/12/07 9:55 p.m. | 4 views

UBUNTU-CVE-2012-6612

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different...

7.5 CVSS | 5.7 AI score | 0.10075 EPSS
Exploits: 0 | References: 4