Description

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Remediation

References

CVE-2012-2928

Related Vulnerabilities

WordPress Plugin Video Lessons Manager-Video Lessons LMS for eLearning Site Cross-Site Scripting (3.5.8)

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23064)

WordPress Plugin Shield Security-Smart Bot Blocking & Intrusion Prevention Cross-Site Scripting (8.2.2)

WordPress Plugin Media Usage Cross-Site Scripting (0.0.4)

Cherokee Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20798)

Severity

Medium

Classification

CVE-2012-2928 CWE-264

Tags

Missing Update Known Vulnerabilities