CVE-2020-26564 – ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to …

31 July 2021

Vuln ID: CVE-2020-26564

Published: 2021-07-31 17:15:07Z

Description: ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey[‘importFile’] URI. The XXE can then be triggered at a admin/preview.do?action=previewSurvey&surveyId= URI.

Source: NVD.NIST.GOV

Date:

31 July 2021

Categorie(s):

NVD

Tag(s):

NVD

5G Hackathons – Casey Ellis – BTS #2824 April 2024
CoralRaider leverages CDN cache domains in new infostealer campaign24 April 2024
Shouldn’t Teams, Zoom, Slack all interoperate securely for the Feds? Wyden is asking24 April 2024
The evolution from BEC to BCC24 April 2024
US indicts botnet operator24 April 2024