CWE-97 · Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
5 CVEs classified under CWE-97 (Improper Neutralization of Server-Side Includes (SSI) Within a Web Page).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-35996 | Critical | 9.0 | 2025-05-01 | KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. T… |
| CVE-2025-21103 | High | 7.8 | 2025-02-17 | Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulner… |
| CVE-2024-56363 | High | 7.8 | 2024-12-23 | APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security orga… |
| CVE-2023-53934 | High | 7.5 | 2025-12-18 | A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler. Improp… |
| CVE-2025-36558 | Medium | 6.1 | 2025-05-01 | KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the sso_token used for authentication. If an attacker provides th… |