Princexml

princexml

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Princexml

princexml

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-19858 1Princexml 1Princexml Nov 21, 2024 Jan 30, 2019 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XM...Show more PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2018-19858

1Princexml

Nov 21, 2024

Jan 30, 2019

N/A· v4

8.6 HIGH· v3

5.0 MEDIUM· v2

PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XM...Show more