2 matches found
CVE-2021-40690
The CVE-2021-40690 issue affects Apache Santuario – XML Security for Java. All versions prior to 2.2.3 and 2.1.7 are vulnerable due to the "secureValidation" property not being passed when creating a KeyInfo from a KeyInfoReference element, enabling an XPath Transform abuse to extract local .xml ...
CVE-2018-8031
CVE-2018-8031 describes a Cross-site Scripting (XSS) vulnerability in the Apache TomEE console (tomee-webapp). The issue could allow arbitrary JavaScript execution when a user visits a malicious URL. TomEE bundles without this application or after setup, the UI can be removed to mitigate exposure...