Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2991

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.03669EPSS
Exploits0References6
OSV
OSV
added 2022/05/17 2:26 a.m.21 views

GHSA-7G54-VGP6-JJ5W XML External Entity Reference in Apache Sling

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...

9.8CVSS9.1AI score0.03669EPSS
Exploits0References5
Adobe
Adobe
added 2018/02/13 12:0 a.m.37 views

APSB18-04 Security updates available for Adobe Experience Manager

Adobe has released security updates for Adobe Experience Manager. These updates resolve a reflected cross-site scripting vulnerability CVE-2018-4875 rated moderate, and a cross-site scripting vulnerability CVE-2018-4876 in Apache Sling XSS protection API rated important...

6.1CVSS6.1AI score0.04603EPSS
Exploits0Affected Software1
NVD
NVD
added 2017/07/19 3:29 p.m.21 views

CVE-2016-6798

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...

9.8CVSS9.1AI score0.03669EPSS
Exploits0References2
Prion
Prion
added 2017/07/19 3:29 p.m.17 views

Cross site request forgery (csrf)

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...

7.5CVSS6AI score0.03669EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/07/19 3:0 p.m.88 views

CVE-2016-6798

In Apache Sling, the XSS Protection API module is affected: versions before 1.0.12 use an insecure SAX parser in XSS.getValidXML(), enabling XML External Entity (XXE) attacks. This can allow attackers to read filesystem data, enable SSRF, perform port scanning behind a firewall, or cause DoS. Pub...

9.8CVSS8.9AI score0.03669EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder