Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the Middle or malicious server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
bw-calendar-engine IscheduleClient XML解析器安全漏洞
Vulnerability Description
bw-calendar-engine是一款日历引擎。IscheduleClient XML parser是其中的一个XML解析器。 bw-calendar-engine bw-calendar-engine-3.12.0及之前版本中的IscheduleClient XML解析器存在安全漏洞。攻击者可通过实施中间人攻击或借助恶意的服务器利用该漏洞泄露敏感数据,造成拒绝服务,实施服务器端请求伪造攻击或扫描端口。
CVSS Information
N/A
Vulnerability Type
N/A