Vulnerabilities > Sync > Oxygen XML WEB Author > 25.0.0.0

DATE CVE VULNERABILITY TITLE RISK
2023-04-14 CVE-2023-26559 Path Traversal vulnerability in Sync Oxygen Content Fusion and Oxygen XML web Author
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request.
network
low complexity
sync CWE-22
5.3
5.3