CWE-643
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Monthly
Apache HertzBeat versions 1.7.1 through 1.8.0 contain an XPath injection vulnerability that allows authenticated attackers to manipulate XPath queries and potentially extract or modify sensitive data. An attacker with valid credentials can exploit this flaw to bypass access controls and execute arbitrary XPath expressions against the application's XML data stores. Affected users should upgrade to version 1.8.0 immediately as no patch is currently available for earlier versions.
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Apache HertzBeat versions 1.7.1 through 1.8.0 contain an XPath injection vulnerability that allows authenticated attackers to manipulate XPath queries and potentially extract or modify sensitive data. An attacker with valid credentials can exploit this flaw to bypass access controls and execute arbitrary XPath expressions against the application's XML data stores. Affected users should upgrade to version 1.8.0 immediately as no patch is currently available for earlier versions.
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.