Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43727
HistoryOct 10, 2023 - 6:52 p.m.

XML External Entity (XXE) Injection

2023-10-1018:52:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
xml files
mediawiki
injection

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

46.8%

Mediawiki is vulnerable to . The vulnerability arises from inadequate validation of namespaces used in XML files within the library. This allows an attacker to upload malicious files by sending a malicious link to the instance administrator.

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

46.8%