CyberSec.Space Logo
Back to CVE Browser

CVE-2017-2815

HIGH
8.1
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile23.67th
PublishedMay 15, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability.

Affected Platforms (CPE)

📦
Igniterealtime

User Import Export

= 2.6.0

References & Advisories

🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0316
🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0316

Related Vulnerabilities

CVE-2019-147719.8

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the use...

CVE-2012-02049.3

Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBroke...

CVE-2019-118758.8

In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to ...

CVE-2020-120748.8

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative...