PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-01-29T23:00:00
Updated: 2024-08-05T11:44:20.666Z
Reserved: 2018-12-05T00:00:00
Link: CVE-2018-19858
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-01-30T15:29:06.490
Modified: 2024-11-21T03:58:41.900
Link: CVE-2018-19858
Redhat
No data.