CVE-2018-1000821

CRITICAL

MicroMathematics < 2.17.3 - XML External Entity Injection via SMathStudio Files

Title source: llm

Description

MicroMathematics versions before commit 5c05ac8 contain an XML External Entity (XXE) vulnerability in SMathStudio files that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. The attack appears to be exploitable via specially crafted SMathStudio files. The vulnerability appears to have been fixed after commit 5c05ac8.

References (2)

Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/mkulesh/microMathematics/issues/79
Third Party Advisory x_refsource_misc
https://0dd.zone/2018/10/27/micromathematics-XXE/

Scores

CVSS v3 10.0
EPSS 0.0186
EPSS Percentile 76.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-611
Status published
Products (1)
micromathematics_project/micromathematics < 2.17.3
Published Dec 20, 2018
Tracked Since Feb 18, 2026