Vulnerability Details CVE-2018-1000830
XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.7%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 7.5
References
Products affected by CVE-2018-1000830
-
cpe:2.3:a:xr3player_project:xr3player:3.100
-
cpe:2.3:a:xr3player_project:xr3player:3.101
-
cpe:2.3:a:xr3player_project:xr3player:3.102
-
cpe:2.3:a:xr3player_project:xr3player:3.103
-
cpe:2.3:a:xr3player_project:xr3player:3.104
-
cpe:2.3:a:xr3player_project:xr3player:3.105
-
cpe:2.3:a:xr3player_project:xr3player:3.106
-
cpe:2.3:a:xr3player_project:xr3player:3.107
-
cpe:2.3:a:xr3player_project:xr3player:3.108
-
cpe:2.3:a:xr3player_project:xr3player:3.109
-
cpe:2.3:a:xr3player_project:xr3player:3.110
-
cpe:2.3:a:xr3player_project:xr3player:3.111
-
cpe:2.3:a:xr3player_project:xr3player:3.112
-
cpe:2.3:a:xr3player_project:xr3player:3.113
-
cpe:2.3:a:xr3player_project:xr3player:3.114
-
cpe:2.3:a:xr3player_project:xr3player:3.115
-
cpe:2.3:a:xr3player_project:xr3player:3.116
-
cpe:2.3:a:xr3player_project:xr3player:3.117
-
cpe:2.3:a:xr3player_project:xr3player:3.118
-
cpe:2.3:a:xr3player_project:xr3player:3.119
-
cpe:2.3:a:xr3player_project:xr3player:3.120
-
cpe:2.3:a:xr3player_project:xr3player:3.121
-
cpe:2.3:a:xr3player_project:xr3player:3.122
-
cpe:2.3:a:xr3player_project:xr3player:3.123
-
cpe:2.3:a:xr3player_project:xr3player:3.124
-
cpe:2.3:a:xr3player_project:xr3player:3.45
-
cpe:2.3:a:xr3player_project:xr3player:3.46
-
cpe:2.3:a:xr3player_project:xr3player:3.47
-
cpe:2.3:a:xr3player_project:xr3player:3.48
-
cpe:2.3:a:xr3player_project:xr3player:3.49
-
cpe:2.3:a:xr3player_project:xr3player:3.50
-
cpe:2.3:a:xr3player_project:xr3player:3.51
-
cpe:2.3:a:xr3player_project:xr3player:3.52
-
cpe:2.3:a:xr3player_project:xr3player:3.53
-
cpe:2.3:a:xr3player_project:xr3player:3.54
-
cpe:2.3:a:xr3player_project:xr3player:3.55
-
cpe:2.3:a:xr3player_project:xr3player:3.56
-
cpe:2.3:a:xr3player_project:xr3player:3.57
-
cpe:2.3:a:xr3player_project:xr3player:3.59
-
cpe:2.3:a:xr3player_project:xr3player:3.60
-
cpe:2.3:a:xr3player_project:xr3player:3.62
-
cpe:2.3:a:xr3player_project:xr3player:3.64
-
cpe:2.3:a:xr3player_project:xr3player:3.66
-
cpe:2.3:a:xr3player_project:xr3player:3.67
-
cpe:2.3:a:xr3player_project:xr3player:3.68
-
cpe:2.3:a:xr3player_project:xr3player:3.69
-
cpe:2.3:a:xr3player_project:xr3player:3.70
-
cpe:2.3:a:xr3player_project:xr3player:3.71
-
cpe:2.3:a:xr3player_project:xr3player:3.72
-
cpe:2.3:a:xr3player_project:xr3player:3.73
-
cpe:2.3:a:xr3player_project:xr3player:3.74
-
cpe:2.3:a:xr3player_project:xr3player:3.75
-
cpe:2.3:a:xr3player_project:xr3player:3.76
-
cpe:2.3:a:xr3player_project:xr3player:3.77
-
cpe:2.3:a:xr3player_project:xr3player:3.78
-
cpe:2.3:a:xr3player_project:xr3player:3.79
-
cpe:2.3:a:xr3player_project:xr3player:3.80
-
cpe:2.3:a:xr3player_project:xr3player:3.81
-
cpe:2.3:a:xr3player_project:xr3player:3.82
-
cpe:2.3:a:xr3player_project:xr3player:3.83
-
cpe:2.3:a:xr3player_project:xr3player:3.84
-
cpe:2.3:a:xr3player_project:xr3player:3.85
-
cpe:2.3:a:xr3player_project:xr3player:3.86
-
cpe:2.3:a:xr3player_project:xr3player:3.87
-
cpe:2.3:a:xr3player_project:xr3player:3.88
-
cpe:2.3:a:xr3player_project:xr3player:3.89
-
cpe:2.3:a:xr3player_project:xr3player:3.90
-
cpe:2.3:a:xr3player_project:xr3player:3.91
-
cpe:2.3:a:xr3player_project:xr3player:3.92
-
cpe:2.3:a:xr3player_project:xr3player:3.93
-
cpe:2.3:a:xr3player_project:xr3player:3.94
-
cpe:2.3:a:xr3player_project:xr3player:3.96
-
cpe:2.3:a:xr3player_project:xr3player:3.97
-
cpe:2.3:a:xr3player_project:xr3player:3.98
-
cpe:2.3:a:xr3player_project:xr3player:3.99