CVE-2024-7098
CRITICAL WAF: High
CVSS 9.8
Published: 2024-09-16
CWE-611
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| sfs | winsure | up to 4.6.2 |
References
- www.usom.gov.tr (Broken Link, Third Party Advisory)