1mhr4b

2 exploits Active since Nov 2024
CVE-2024-50848 NOMISEC MEDIUM WRITEUP
WorldServer 11.8.2 - XML External Entity Injection via Crafted TMX File
An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file.
CVSS 6.5
CVE-2024-50849 NOMISEC MEDIUM WRITEUP
WorldServer 11.8.2 - Authenticated Stored Cross-Site Scripting in Rules Functionality
A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code.
CVSS 4.8