IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service (DoS) condition.

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to XML external entity reference. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257716.

Libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an arbitrary URL. An authenticated request is a request where the cookies of the browser are sent along with the request. The `subscribe.js` script uses the first parameter from the current URL location as the URL of the RSS feed to subscribe to and checks that the RSS feed is valid XML. `subscribe.js` is accessible by an attacker website due to its use in `subscribe.html`, an HTML page that is declared as a `web_accessible_resource` in `manifest.json`. This issue may lead to `Privilege Escalation`. A CSRF breaks the integrity of servers running on a private network. A user of the browser extension may have a private server with dangerous functionality, which is assumed to be safe due to network segmentation. Upon receiving an authenticated request instantiated from an attacker, this integrity is broken. Version 3.7 fixes this issue by removing subscribe.html from `web_accessible_resources`.