CVE-2017-12439

The CVE-2017-12439 entry concerns SocuSoft Flash Slideshow Maker Professional up to version 5.20. When advanced configuration is used, the xml_path HTTP parameter trusts user-supplied input in conjunction with an unsafe XML configuration file, enabling issues described as content forgery, cross-s...