Grassmarlin
Monthly
XML External Entity (XXE) injection in GRASSMARLIN v3.2.1 allows authenticated local users to extract sensitive information through crafted session data that exploits insufficient XML parser hardening. The vulnerability has a CVSS score of 5.5 with local attack vector and high confidentiality impact, affecting users with login credentials on systems running the affected version.
XML External Entity (XXE) injection in GRASSMARLIN v3.2.1 allows authenticated local users to extract sensitive information through crafted session data that exploits insufficient XML parser hardening. The vulnerability has a CVSS score of 5.5 with local attack vector and high confidentiality impact, affecting users with login credentials on systems running the affected version.