exploitDog

CVE-2018-15805

Опубликовано: 10 дек. 2018

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).

Ссылки

https://help.accusoft.com/PrizmDoc/v13.5/HTML/webframe.html#Release_v13_5.html
Release Notes
Vendor Advisory
https://medium.com/%40mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c
https://help.accusoft.com/PrizmDoc/v13.5/HTML/webframe.html#Release_v13_5.html
Release Notes
Vendor Advisory
https://medium.com/%40mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:accusoft:prizmdoc:*:*:*:*:*:*:*:*

Версия до 13.5 (исключая)

EPSS

Процентиль: 61%

0.00418

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-489f-47v3-x4hm

CVSS3: 9.1

github

больше 3 лет назад

Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).

EPSS

Процентиль: 61%

0.00418

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-611