2 matches found
CVE-2019-7722
PMD 5.8.1 and earlier is vulnerable to XML External Entity (XXE) processing in ruleset files parsed during analysis. The underlying issue is the handling of XML external entities, which attackers can exploit by tampering with the ruleset (direct modification or via MITM when remote rulesets are u...
CVE-2026-28338
PMD is affected in versions prior to 7.22.0 where the legacy report formats vbhtml and yahtml insert rule-violation messages into HTML without escaping, causing potential cross-site scripting if untrusted source code contains crafted strings. The vulnerability does not affect the default html for...