
CVSS: 8.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

Gravitee API Management before 3.15.13 allows path traversal through HTML injection.

• https://community.gravitee.io/t/whats-new-in-access-management-3-15-lts/164
• https://gist.github.com/garatc/d86cdb1fa2e35a7ee719d9a0de0b5ca3
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.

• https://github.com/gravitee-io/gravitee-api-management
• https://medium.com/%40maxime.escourbiac/write-up-of-path-traversal-on-gravitee-io-8835941be69f
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')