TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs. Rated low severity (CVSS 2.2). Public exploit code available and no vendor patch available.
Information Disclosure
Convertigo
NVD
GitHub
CVSS 3.1
2.2
EPSS
0.1%