
Nikita Hrab

#21505 of 53,633
11.3 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2024-34443
6.5
2024-11-18
Unknown · Worldserver · CVE-2024-50848
Name of the Vulnerable Software and Affected Versions: WorldServer version 11.8.2
Description: The issue is related to an XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities. This vulnerability can be exploited by supplying a crafted .tmx file, allowing access to sensitive information and execution of arbitrary commands.
Recommendations: For WorldServer version 11.8.2, consider disabling the Import object and Translation Memory import functionalities until a patch is available to prevent exploitation of the XXE vulnerability. Restrict access to these functionalities to minimize the risk of sensitive information disclosure and arbitrary command execution.
PT-2024-34444
4.8
2024-11-15
Unknown · Worldserver · CVE-2024-50849
Name of the Vulnerable Software and Affected Versions: WorldServer version 11.8.2
Description: A Stored Cross-Site Scripting (XSS) issue in the "Rules" functionality allows a remote authenticated attacker to execute arbitrary JavaScript code.
Recommendations: For WorldServer version 11.8.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.