2 results (0.003 seconds)

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6 In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Ather Iqbal. • https://portal.perforce.com/s/detail/a91PA000001SZVJYA4 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •

CVSS: 6.4EPSS: 1%CPEs: 29EXPL: 0

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. El complemento Gliffy para Atlassian JIRA v3.7.1, y en version anteriores ala v4.2 para Atlassian Confluence, no restringe correctamente las capacidades de los analizadores XML de tercer nivel, lo que permite leer ficheros de su elección o causar una denegación de servicio (por excesivo consumo de recursos) a atacantes remotos a través de vectores no especificados. • http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 http://osvdb.org/81993 http://secunia.com/advisories/49166 http://www.securityfocus.com/bid/53595 https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 • CWE-264: Permissions, Privileges, and Access Controls •