CWE-643
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Monthly
Information disclosure in F5 BIG-IP Configuration utility allows low-privileged authenticated attackers to access sensitive information through undisclosed pages, affecting the confidentiality of administrative data without requiring user interaction or privileged credentials beyond standard authentication.
Apache HertzBeat versions 1.7.1 through 1.8.0 contain an XPath injection vulnerability that allows authenticated attackers to manipulate XPath queries and potentially extract or modify sensitive data. An attacker with valid credentials can exploit this flaw to bypass access controls and execute arbitrary XPath expressions against the application's XML data stores. Affected users should upgrade to version 1.8.0 immediately as no patch is currently available for earlier versions.
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information disclosure in F5 BIG-IP Configuration utility allows low-privileged authenticated attackers to access sensitive information through undisclosed pages, affecting the confidentiality of administrative data without requiring user interaction or privileged credentials beyond standard authentication.
Apache HertzBeat versions 1.7.1 through 1.8.0 contain an XPath injection vulnerability that allows authenticated attackers to manipulate XPath queries and potentially extract or modify sensitive data. An attacker with valid credentials can exploit this flaw to bypass access controls and execute arbitrary XPath expressions against the application's XML data stores. Affected users should upgrade to version 1.8.0 immediately as no patch is currently available for earlier versions.
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.