Lucene search

[email protected]NVD:CVE-2023-28151

HistoryMar 24, 2023 - 8:15 p.m.

CVE-2023-28151

2023-03-2420:15:15

CWE-611

[email protected]

web.nvd.nist.gov

jspreadsheet

api

xxe

injection

remote

dtd

docx

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

51.8%

JSON

An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.

Affected configurations

Nvd

Node

independentsoftjspreadsheetRange<1.1.110

VendorProductVersionCPE
independentsoftjspreadsheet*cpe:2.3:a:independentsoft:jspreadsheet:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
independentsoft	jspreadsheet	*	cpe:2.3:a:independentsoft:jspreadsheet::::::::

References

excellium-services.com/cert-xlm-advisory/CVE-2023-28151

www.independentsoft.de/jword/index.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

51.8%

JSON

Related for NVD:CVE-2023-28151

cve1 prion1 cvelist1