PT-2023-25888 · Unknown · Infodoc Document On-Line Submission/Approval System
Huding · Published 2023-07-20 · Updated 2023-07-28 · CVE-2023-37290
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
InfoDoc Document On-line Submission and Approval System (affected versions not specified)
Description
The issue arises from insufficient restrictions on available tags within the HTML to PDF conversion function, allowing unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This enables unauthenticated remote attackers to perform Server-Side Request Forgery (SSRF) attacks, gaining unauthorized access to arbitrary system files and uncovering the internal network topology.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
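With no fixed version known, the weakness described above (too few restrictions on tags reaching the HTML to PDF converter) can be reduced by filtering submitted HTML first. The following is an added example, not InfoDoc code or a vendor fix: an allowlist filter in Python whose tag and attribute lists, the names PdfInputSanitizer and sanitize_for_pdf, and the sample input are all assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist: text and layout tags only. Nothing kept here can make the
# converter fetch a URL or read a file (no iframe, img, link, object, embed).
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "strong", "em", "ul", "ol", "li", "h1",
                "h2", "h3", "table", "tr", "td", "th", "span", "div"}
ALLOWED_ATTRS = {"colspan", "rowspan", "align"}  # no src, href or style
VOID_TAGS = {"br"}
# For these elements the enclosed content is dropped as well as the tag.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "noscript"}

class PdfInputSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0        # > 0 while inside a dropped element
        self.rejected = []   # removed tags, kept for logging and alerting

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            self.rejected.append(tag)
            return
        kept = "".join(f' {k}="{escape(v or "", quote=True)}"'
                       for k, v in attrs if k in ALLOWED_ATTRS)
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:  # an unclosed dropped element hides the rest (fail closed)
            self.out.append(escape(data, quote=False))

def sanitize_for_pdf(html_text):
    """Return (safe_html, rejected_tags) for one submitted HTML document."""
    parser = PdfInputSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.rejected

# Constructed sample submission; the URLs are placeholders.
SAMPLE = ('<h1>Leave request</h1><p onclick="x()">Please approve.</p>'
          '<iframe src="file:///placeholder/path"></iframe>'
          '<img src="http://intranet.example/status"><p>Thanks</p>')
```

A non-empty rejected list is worth logging with the submitter's address, since ordinary documents should not contain resource-loading tags.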
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Infodoc Document On-Line Submission/Approval System