Vulnerability Details CVE-2021-3312
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
Products affected by CVE-2021-3312
- cpe:2.3:a:alkacon:opencms:11.0
- cpe:2.3:a:alkacon:opencms:11.0.1
- cpe:2.3:a:alkacon:opencms:11.0.2