CVE-2021-28684
MEDIUM
PowerArchiver < 20.10.02 - XML External Entity Injection
Title source: llm
Description
The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).
References (2)
Core References
Product x_refsource_misc
https://www.powerarchiver.com
Exploit, Third Party Advisory x_refsource_misc
https://peterka.tech/blog/posts/cve-2021-28684/
Scores
CVSS v3
4.3
EPSS
0.0092
EPSS Percentile
55.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
powerarchiver/powerarchiver
< 20.10.02
Published
Jun 21, 2021
Tracked Since
Feb 18, 2026