CVE-2023-28152

Опубликовано: 24 мар. 2023

Источник: nvd

CVSS3: 5.3

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.

Ссылки

https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-28152
https://excellium-services.com/cert-xlm-advisory/CVE-2023-28152
Third Party Advisory
https://www.independentsoft.de/jword/index.html
Product
https://excellium-services.com/cert-xlm-advisory/CVE-2023-28152
Third Party Advisory
https://www.independentsoft.de/jword/index.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:independentsoft:jword:*:*:*:*:*:*:*:*

Версия до 1.1.110 (исключая)

EPSS

Процентиль: 23%

0.00078

Низкий

5.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-611

Связанные уязвимости

GHSA-5c5q-xj8p-hrg3

CVSS3: 9.8

github

почти 3 года назад

An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.

EPSS

Процентиль: 23%

0.00078

Низкий

5.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-611