Description
Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://0dd.zone/2018/05/31/OpenPSA-Object-Injection/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/flack/openpsa/issues/192
Scores
CVSS v3
7.5
EPSS
0.0205
EPSS Percentile
78.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-91
Status
published
Products (1)
openpsa2/openpsa
Published
Jun 26, 2018
Tracked Since
Feb 18, 2026