Vulnerability Details CVE-2023-26559
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. (XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build 2023021715 are also fixed versions.)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.7%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2023-26559
-
cpe:2.3:a:sync:oxygen_content_fusion:-
-
cpe:2.3:a:sync:oxygen_content_fusion:1.1.0
-
cpe:2.3:a:sync:oxygen_content_fusion:2.0.0
-
cpe:2.3:a:sync:oxygen_content_fusion:3.0.0
-
cpe:2.3:a:sync:oxygen_content_fusion:4.0.0
-
cpe:2.3:a:sync:oxygen_content_fusion:4.1.0
-
cpe:2.3:a:sync:oxygen_content_fusion:5.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:-
-
cpe:2.3:a:sync:oxygen_xml_web_author:18.0.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:18.0.1.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:19.0.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:19.1.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:20.0.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:20.1.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:21.0.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:21.1.1.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:22.0.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:22.1.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:23.0.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:23.1.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:23.1.1.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:24.0.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:24.1.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:25.0.0.0
-
cpe:2.3:a:sync:oxygen_xml_web_author:25.1.0.0