CVE-2019-20191
HIGHOxygen XML Editor < 21.1.1 - XML External Entity Injection
Title source: llmDescription
Oxygen XML Editor 21.1.1 allows XXE to read any file.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://medium.com/%40Pablo0xSantiago/cve-2019-20191-oxygen-xml-editor-21-1-1-allows-xxe-216b816f312b
Scores
CVSS v3
7.5
EPSS
0.0115
EPSS Percentile
62.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (3)
sync/oxygen_xml_author
< 21.1
sync/oxygen_xml_developer
< 21.1
sync/oxygen_xml_editor
< 21.1.1
Published
Mar 16, 2020
Tracked Since
Feb 18, 2026