Описание
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack.
EPSS
Процентиль: 13%
0.00044
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 9.8
github
около 1 месяца назад
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack.
EPSS
Процентиль: 13%
0.00044
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-611