Lucene search
XeroxFreeflow Core
6 matches found
CVE-2024-47559
Authenticated RCE via Path Traversal
8.8CVSS7.8AI score0.00224EPSS
CVE-2024-47557
Pre-Auth RCE via Path Traversal
9.8CVSS8.3AI score0.00258EPSS
CVE-2024-47556
Pre-Auth RCE via Path Traversal
9.8CVSS8.3AI score0.00258EPSS
CVE-2024-47558
Authenticated RCE via Path Traversal
8.8CVSS7.8AI score0.00224EPSS
CVE-2025-8356
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
9.8CVSS7.3AI score0.00442EPSS
CVE-2025-8355
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
7.5CVSS6.8AI score0.00059EPSS