EUVD-2019-3070

Malware in sbrugna...

BlogEngine 3.3 - 'syndication.axd' XML External Entity Injection

Title: BlogEngine 3.3 - 'syndication.axd' XML External Entity Injection Author: Daniel Martinez Adan aDoN90 Date: 2020-05-01 Homepage: https://blogengine.io/ Software Link: https://blogengine.io/support/download/ Affected Versions: 3.3 Vulnerability: XML External Entity XXE OOB Injection...

BlogEngine 3.3 XML Injection

Name: XML External Entity Injection OOB Vulnerability in BlogEngine 3.3 Affected Software: BlogEngine Affected Versions: 3.3 Homepage: https://blogengine.io/ Vulnerability: XML External Entity XXE OOB Injection Vulnerability Severity: High Status: Fixed Author: Daniel Martinez Adan aDoN90 CVSS...

CVE-2019-11392

BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd...

CVE-2019-11392

BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd...

Design/Logic Flaw

BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd...

CVE-2019-11392

BlogEngine.NET 3.3.7 and earlier are affected by an XXE via an apml file to the syndication.axd endpoint. Root cause: external entity processing in the app. Impact: potential exposure of sensitive data. Affected versions: 3.3.7 and earlier. Remediation: disable the syndication.axd endpoint until ...