2 matches found
CVE-2019-25075
Gravitee API Management contains a path traversal and HTML injection vulnerability (CVE-2019-25075). Before version 1.25.3, anonymous users could read arbitrary files via /management/users/register because of HTML injection combined with path traversal in the Email service. CVSS:3.1 base 6.1 (NETWORK, LOW a...
CVE-2022-38723
CVE-2022-38723 affects Gravitee API Management prior to version 3.15.13, where an HTML-injection flaw enables path traversal. Multiple connected sources confirm the vulnerability exists in Gravitee API Management before 3.15.13 and describe the underlying issue as HTML injection that allows path ...