CVE-2022-24891
- EPSS 0.3%
- Published 27.04.2022 21:15:08
- Last modified 21.11.2024 06:51:20
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for ...
CVE-2022-23457
- EPSS 0.18%
- Published 25.04.2022 20:15:41
- Last modified 21.11.2024 06:48:35
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat...
CVE-2013-5679
- EPSS 0.1%
- Published 30.09.2013 17:09:26
- Last modified 11.04.2025 00:51:21
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote att...
CVE-2013-5960
- EPSS 0.24%
- Published 30.09.2013 17:09:26
- Last modified 11.04.2025 00:51:21
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote a...