CVE-2019-17323

HIGH

ClipSoft REXPERT <1.0.0.527 - Code Injection

Title source: llm

Description

ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

References (1)

[Third Party Advisory] https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184

Scores

CVSS v3 8.8

EPSS 0.0042

EPSS Percentile 61.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-91

Status published

Products (1)

clipsoft/rexpert < 1.0.0.527

Published Oct 30, 2019

Tracked Since Feb 18, 2026