PT-2019-4509 · Easy Xml Editor
Javier Olmedo · Published 2019-11-30 · Updated 2022-01-01
CVE-2019-19031
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Easy XML Editor versions prior to 1.7.9
Description
The vulnerability is an XML External Entity (XXE) injection in the XML parsing component. A specially crafted XML document can declare entities that the parser resolves or expands, allowing arbitrary file read on the system or denial of service (DoS) through resource consumption. The attack vector relies on errors in XML processing: a remote attacker who tricks a user into opening a specially formed XML file can cause application downtime or read arbitrary files.
Recommendations
For Easy XML Editor versions prior to 1.7.9, update to version 1.7.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the XML parsing component until a patch is applied, and avoid opening XML files from untrusted sources in the affected component to minimize the risk of exploitation.
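The workaround above amounts to not letting the parser honour DTD entities. As an added illustration (not code from Easy XML Editor or from this advisory), the following Python check uses the standard-library expat parser and refuses any document that declares an entity or references an external DTD; the three sample documents are constructed here and `placeholder.dtd` is a placeholder name.

```python
import xml.parsers.expat as expat

class UnsafeXML(Exception):
    """Document uses DTD features that enable XXE file read or entity-expansion DoS."""

def parse_xml_strict(data: bytes) -> dict:
    """Parse with expat while refusing every entity declaration and external DTD.
    Refusing DTD entities closes both outcomes in the advisory: external entities
    (arbitrary file read) and nested internal entities (resource-exhaustion DoS).
    """
    parser = expat.ParserCreate()
    counts = {"elements": 0}

    def start_doctype(name, sysid, pubid, has_internal_subset):
        # A SYSTEM/PUBLIC identifier means an external DTD would be fetched.
        if sysid is not None or pubid is not None:
            raise UnsafeXML(f"external DTD reference in DOCTYPE {name!r}")

    def entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # Fires for internal entities (expansion DoS) and external ones (file read).
        raise UnsafeXML(f"entity declaration {name!r} refused")

    def external_entity_ref(context, base, sysid, pubid):
        # Defence in depth: never resolve an external entity reference.
        raise UnsafeXML(f"external entity reference to {sysid!r} refused")

    def start_element(name, attrs):
        counts["elements"] += 1

    parser.StartDoctypeDeclHandler = start_doctype
    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_entity_ref
    parser.StartElementHandler = start_element
    parser.Parse(data, True)  # an exception raised in a handler propagates out of Parse()
    return counts

def rejects(data: bytes) -> bool:
    """True if the strict parser refuses the document."""
    try:
        parse_xml_strict(data)
    except UnsafeXML:
        return True
    return False

# Constructed sample documents, not taken from the advisory.
SAFE_DOC = b'<?xml version="1.0"?><config><item name="a"/><item name="b"/></config>'
INTERNAL_ENTITY_DOC = b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>'
EXTERNAL_DTD_DOC = b'<?xml version="1.0"?><!DOCTYPE r SYSTEM "placeholder.dtd"><r/>'
```

A plain document parses normally, while both DTD-bearing samples are refused before any entity is resolved, which is the behaviour an XML editor should default to for files of unknown origin.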
Links: Exploit · Fix
Tags: XXE
Related Identifiers: CVE-2019-19031
Affected Products: Easy Xml Editor