6 matches found
EUVD-2022-2991
Malicious code in bioql PyPI...
GHSA-7G54-VGP6-JJ5W XML External Entity Reference in Apache Sling
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...
APSB18-04 Security updates available for Adobe Experience Manager
Adobe has released security updates for Adobe Experience Manager. These updates resolve a reflected cross-site scripting vulnerability CVE-2018-4875 rated moderate, and a cross-site scripting vulnerability CVE-2018-4876 in Apache Sling XSS protection API rated important...
CVE-2016-6798
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...
Cross site request forgery (csrf)
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...
CVE-2016-6798
In Apache Sling, the XSS Protection API module is affected: versions before 1.0.12 use an insecure SAX parser in XSS.getValidXML(), enabling XML External Entity (XXE) attacks. This can allow attackers to read filesystem data, enable SSRF, perform port scanning behind a firewall, or cause DoS. Pub...