Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
YesLogic Pty PrinceXML 跨站脚本漏洞
Vulnerability Description
YesLogic Pty PrinceXML是澳大利亚YesLogic Pty公司的一款用于将HTML文档转换为PDF文档的应用程序。 YesLogic Pty PrinceXML 10及之前版本中存在跨站脚本漏洞,该漏洞源于程序缺少对外部实体的防护措施。远程攻击者可利用该漏洞获取文件读取权限,实施服务器端请求伪造攻击或造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A