Vulnerability Details : CVE-2018-19858
Potential exploit
PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF.
Vulnerability category: XML external entity (XXE) injectionServer-side request forgery (SSRF)
Products affected by CVE-2018-19858
- cpe:2.3:a:princexml:princexml:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-19858
0.48%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-19858
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
8.6
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
3.9
|
4.0
|
NIST |
CWE ids for CVE-2018-19858
-
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-19858
-
https://hacking.us.com/blog/XSS-to-XXE-in-Prince/
XSS to XXE in Prince v10 and below (CVE-2018-19858) – Corben Leo – infosec write-ups and ramblingsExploit;Third Party Advisory
-
https://www.lynxsecurity.io/
Lynx Security LLCThird Party Advisory
-
https://www.youtube.com/watch?v=-7YIzYtWhzM
XXE in PrinceXML v10 and below - YouTubeExploit;Third Party Advisory
Jump to