Lucene search

PRIOn knowledge basePRION:CVE-2023-52239

HistoryFeb 06, 2024 - 7:15 a.m.

Design/Logic Flaw

2024-02-0607:15:00

PRIOn knowledge base

www.prio-n.com

xml parser

magic xpi

xxe attacks

onitemimport

nvd

7.2 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.

CPENameOperatorVersion
magic_xpi_integration_platformeq4.13.4

CPE	Name	Operator	Version
	magic_xpi_integration_platform	eq	4.13.4

References

ds-security.com/post/xml_external_entity_injection_magic_xpi/

www2.magicsoftware.com/ver/docs/Downloads/Magicxpi/4.14/Windows/ReleaseNotes4.14.pdf