Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console.
An administrator with adequate entitlements to create or edit Keymaster parameters via Console can constr
Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope.
An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which al
When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users dur
Improper Isolation or Compartmentalization vulnerability in Apache Syncope.
An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted co
Reflected XSS in Apache Syncope's Enduser Login page.
An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials.
T
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.
This issue affects Apache XML Graphics FOP: 2.9.
Users are recommended to upgrade to version 2
When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits.
The same vulnerability was found in the Syncope Enduse
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup.
This issue affects Apinize
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie
project, allowing an attacker to inject malicious XML entities. This
vulnerability occurs due to insecure parsing of XML input u
We found a vulnerability Improper Restriction of XML External Entity Reference (CWE-611) in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a
An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option.
When AES is configured, the default key value,
The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allow
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which coul
A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the
An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file
An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload.
An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 allows an authenticated, unprivileged attacker to achieve inf
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which coul
Page 1+ Next →