Vulnerability Details CVE-2020-26705
The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.8%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
Products affected by CVE-2020-26705
-
cpe:2.3:a:easyxml_project:easyxml:0.5.0