PT-2020-10366 · Syncro Soft · Oxygen Xml Editor
Published
2020-03-16
·
Updated
2020-03-20
·
CVE-2019-20191
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Oxygen XML Editor version 21.1.1
Description
The issue allows XXE (XML External Entity) attacks, enabling an attacker to read any file.
Recommendations
For Oxygen XML Editor version 21.1.1, update to a version that fixes this issue to prevent XXE attacks.
Exploit
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oxygen Xml Editor