PT-2023-21597 · Independentsoft · Jspreadsheet

Dominique Righetto

Publicado

2023-03-24

Atualizado

2023-03-30

CVE-2023-28151

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Independentsoft JSpreadsheet versions prior to 1.1.110

Description An issue was discovered in the API, which is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.

Recommendations For versions prior to 1.1.110, update to version 1.1.110 or later to resolve the issue.

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2023-28151

Jspreadsheet