CVE-2019-19031
HIGH WAF: High
CVSS 8.1
Published: 2019-12-30
CWE-611
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| edit-xml | easy_xml_editor | up to 1.7.8 |
References
- packetstormsecurity.com (Exploit, Third Party Advisory, VDB Entry)
- hackpuntes.com (Exploit, Third Party Advisory)