Topic

XXE

A collection of 8 issues

CVE-2022-40942 Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.

An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This attack can be accomplished by crafting a malicious request to the application. It’s strongly recommended to update Tenda TX3 US_TX3V1.0br_V16.03.13.11 as soon as possible. Note that

CVE-2022-37138 The LMS 1.0 is vulnerable to SQL Injection at the login page, which allows attackers to log in as Administrator as username form.

To inject SQL Injection, attacker can send request with SQL statement in the ‘INPUT>’ tag. An attacker can send the following injection request to the login page of Loan Management System to login as Administrator. INPUT type=”hidden” value=”SQL>” ‘ INPUT type=”hidden” value=”SQL>” ‘ In the ‘INPUT>’ tag, attacker

CVE-2022-40323 SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.

This was addressed in 22.1.66.13 and later. Cisco WebEx Teams does not support the use of XSS in any of its components. CVE-2023-40324 This was addressed in 23.1.66.13 and later. Cisco WebEx Teams does not support the use of XML external entities (XXE) in

CVE-2022-37189 DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service

If external entities are not prevented from being loaded into an application, then they can be used to corrupt data or cause other problems. For example, a malicious user can inject malicious external data into the application that can be used to cause DoS or simply cause problems for the

CVE-2022-29097 Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API

Dell WMS 3.6.2 and onwards contains a Cross-site Request Forgery (CSRF) vulnerability in the Configuration API. A malicious user could potentially exploit this vulnerability, to send malicious requests to the running web application, with the privileges of the running web application. What type of information could be obtained

CVE-2022-22977 VMware Tools contains an XXE vulnerability.

XXE is a type of cross-site scripting (XSS) vulnerability that occurs when untrusted data is fed into a web application. Depending on the context in which the data is used, it can have various impacts. For example, malicious data injected into an email message can be very harmful, as users

CVE-2022-0070 Incomplete fix for CVE-2021-3100

This will ensure that the target JVMs are isolated from each other and that the hotpatch cannot be applied to a process that is already vulnerable to a different type of vulnerability. For example, this change will prevent a hotpatch from being applied to a target JVM that is already

CVE-2022-28219 Cewolf in Zoho ManageEngine ADAudit Plus is vulnerable to an XXE attack that leads to RCE.

It is recommended that you upgrade your Zoho ManageEngine ADAudit Plus installation to version 7060 as soon as possible. This update fixes the XXE vulnerability and prevents it from being exploited. In order to install the update, you will need to have access to the system where the application is