XML External Entity (XXE) vulnerability resulting in Server-Side Request Forgery (SSRF)

An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.  Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on -  https://www.support.xerox.com/en-us/product/core/downloads

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

XML外部实体引用的不恰当限制(XXE)

Xerox FreeFlow Core 安全漏洞

Xerox FreeFlow Core是美国施乐（Xerox）公司的一款灵活易用的软件。 Xerox FreeFlow Core 8.0.7及之前版本存在安全漏洞，该漏洞源于XML外部实体漏洞，可能导致恶意用户通过特制XML输入执行服务端请求伪造。

N/A

N/A