3 matches found
CVE-2017-2815
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...
CVE-2017-2815
OpenFire User Import Export Plugin 2.6.0 is vulnerable to XML External Entity (XXE) injection (CVE-2017-2815). An authenticated attacker can send a crafted request to trigger XXE, enabling retrieval of arbitrary files or causing a Denial of Service. Affected component: OpenFire User Import Export...
Open Fire User Import Export Plugin XML External Entity Injection(CVE-2017-2815)
Summary An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...