CVE-2020-11541

Published: May 8, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account.

Affected (1)

Products: Techsmith: Snagit

Techsmith

1 product

Snagit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Techsmith Snagit	From 11.2.1 to 20.0.3

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://support.techsmith.com/hc/en-us/articles/115006435067-Snagit-Windows-Version-History

Source: cve@mitre.org

Vendor Advisory

https://support.techsmith.com/hc/en-us/articles/115006435067-Snagit-Windows-Version-History

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.