vendor:
Prizm Content Connect
by:
@xhzeem
N/A
CVSS
N/A
XXE
611
CWE
Product Name: Prizm Content Connect
Affected Version From: v10.5.1030.8315
Affected Version To: v10.5.1030.8315
Patch Exists: Unknown
Related CWE:
CPE:
Platforms Tested:
2022
Prizm Content Connect v10.5.1030.8315 – XXE
The Prizm Content Connect v10.5.1030.8315 is vulnerable to XXE. Proof Of Concept: http://www.example.com/default.aspx?document=file.xml The file.xml can have an OoB XXE payload or any other blind XXE exploit.
Mitigation:
Ensure that XML parsers are configured to disable external entity references and DTDs.