exploitDog

CVE-2023-52239

Опубликовано: 06 фев. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.

Ссылки

https://ds-security.com/post/xml_external_entity_injection_magic_xpi/
Exploit
Third Party Advisory
https://www2.magicsoftware.com/ver/docs/Downloads/Magicxpi/4.14/Windows/ReleaseNotes4.14.pdf
Release Notes
Vendor Advisory
https://ds-security.com/post/xml_external_entity_injection_magic_xpi/
Exploit
Third Party Advisory
https://www2.magicsoftware.com/ver/docs/Downloads/Magicxpi/4.14/Windows/ReleaseNotes4.14.pdf
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:magicsoftware:magic_xpi_integration_platform:4.13.4:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00188

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-611

CWE-611

Связанные уязвимости

GHSA-mm8x-p4pr-4p9f

CVSS3: 6.5

github

около 2 лет назад

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.

EPSS

Процентиль: 41%

0.00188

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-611

CWE-611