Vulnerability Details CVE-2018-15805
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.9%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- https://help.accusoft.com/PrizmDoc/v13.5/HTML/webframe.html#Release_v13_5.html
- https://medium.com/%40mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c
- https://help.accusoft.com/PrizmDoc/v13.5/HTML/webframe.html#Release_v13_5.html
- https://medium.com/%40mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c
Products affected by CVE-2018-15805
-
cpe:2.3:a:accusoft:prizmdoc:13.0
-
cpe:2.3:a:accusoft:prizmdoc:13.1
-
cpe:2.3:a:accusoft:prizmdoc:13.2
-
cpe:2.3:a:accusoft:prizmdoc:13.3
-
cpe:2.3:a:accusoft:prizmdoc:13.4