Lucene search

[email protected]CVE-2018-1000830

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2018-1000830

2022-10-0316:21:59

CWE-611

[email protected]

web.nvd.nist.gov

xr3player

v3.124

xml external entity

xxe

vulnerability

playlist parser

disclosure of confidential data

denial of service

ssrf

port scanning

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.9%

JSON

XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.

Affected configurations

NVD

Node

xr3player_projectxr3playerRange≤3.124

CPENameOperatorVersion
xr3player_project:xr3playerxr3player project xr3playerle3.124

CPE	Name	Operator	Version
xr3player_project:xr3player	xr3player project xr3player	le	3.124

References

0dd.zone/2018/10/28/xr3player-XXE/

github.com/goxr3plus/XR3Player/issues/9

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.9%

JSON

Related for CVE-2018-1000830

prion1 osv1 nvd1 cvelist1