CVE-2018-1000548
HIGH
Umlet < 14.3 - XML External Entity Injection via UXF File Parsing
Title source: llm
Description
Umlet version < 14.3 contains an XML External Entity (XXE) vulnerability in file parsing that can result in disclosure of confidential data, denial of service, and server-side request forgery. This attack appears to be exploitable via a specially crafted UXF file. This vulnerability appears to have been fixed in 14.3.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/umlet/umlet/issues/500
Exploit, Third Party Advisory x_refsource_misc
http://0dd.zone/2018/04/23/UMLet-XXE/
Scores
CVSS v3
7.8
EPSS
0.0132
EPSS Percentile
67.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (1)
umlet/umlet
< 14.3
Published
Jun 26, 2018
Tracked Since
Feb 18, 2026