This issue affects Apache Tiles from version 2 onwards. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles. ** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

VDB-246134 is the identifier assigned to this vulnerability. The exploit has been disclosed to the public and may be used. The manipulation leads to unrestricted upload.

Affected by this issue is some unknown functionality of the component Apache Struts. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password. A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. A flaw was found in the mod_proxy_cluster in the Apache server.