Print
CVE-2020-15232
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style.
AnalysisAI
In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified as XML External Entity (XXE) (CWE-611), which allows attackers to read arbitrary files or perform SSRF through XML processing. In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style. Affected products include: Mapfish Print. Version information: version 3.24.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Disable external entity processing in XML parsers, use JSON instead of XML where possible.
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly res
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privil
In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting. Rated medium severi
Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1
Share
External POC / Exploit Code
Leaving vuln.today