2 matches found
CVE-2023-37290 InfoDoc Document On-line Submission and Approval System - Server-Side Request Forgery (SSRF)
InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows...
CVE-2023-37290
InfoDoc Document On-line Submission and Approval System is affected by CVE-2023-37290 due to insufficient restrictions on HTML tags in its HTML-to-PDF conversion, enabling unauthenticated SSRF via resources loaded through tags like iframe. This could allow remote attackers to access arbitrary sys...