exploitDog

GHSA-ggpq-cprg-v67r

Опубликовано: 06 дек. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.9

Описание

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.

Ссылки

EPSS

Процентиль: 68%

0.0056

Низкий

4.9 Medium

CVSS3

CVE ID

Дефекты

CWE-611

Связанные уязвимости

CVE-2022-45326

CVSS3: 4.9

nvd

около 3 лет назад

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.

EPSS

Процентиль: 68%

0.0056

Низкий

4.9 Medium

CVSS3

CVE ID

Дефекты

CWE-611