CVE-2023-41635

MEDIUM

GruppoSCAI RealGimm <1.1.37p38 - XSS

Title source: llm

Description

A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file.

References (2)

[Various Sources] https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41635%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md

[Broken Link, Exploit, Third Party Advisory] https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 17.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-776

Status published

Products (1)

grupposcai/realgimm 1.1.37 p38

Published Aug 31, 2023

Tracked Since Feb 18, 2026