PT-2018-9423 · Nemein · Openpsa
Prodigysml · Published 2018-06-26 · Updated 2018-08-30 · CVE-2018-1000526
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Openpsa versions prior to the version containing commit 4974a26
Description
The issue is an XML injection vulnerability in the RSS file upload feature that can lead to remote denial of service. It can be exploited via a specially crafted XML file.
Recommendations
Versions prior to the one containing commit 4974a26 are affected. Update to a version that includes that commit, which carries the fix for this issue.
Affected Products
Openpsa