PT-2020-7496 · Unknown · Opopensocialplugin

Published

2020-02-07

Updated

2020-02-11

CVE-2013-4335

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: opOpenSocialPlugin versions 0.8.2.1 through 0.9.9.2 opOpenSocialPlugin version 0.9.13 opOpenSocialPlugin version 1.2.6

Description: The issue involves multiple XML External Entity Injection vulnerabilities.

Recommendations: For opOpenSocialPlugin versions 0.8.2.1 through 0.9.9.2, update to a version outside of this range to resolve the issue. For opOpenSocialPlugin version 0.9.13, update to a version other than 0.9.13 to resolve the issue. For opOpenSocialPlugin version 1.2.6, update to a version other than 1.2.6 to resolve the issue.

Fix

XML Entity Expansion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-776

Related Identifiers

CVE-2013-4335

Affected Products

Opopensocialplugin

PT-2020-7496 · Unknown · Opopensocialplugin

CVE-2013-4335

Weakness Enumeration

Related Identifiers

Affected Products

References · 4