CVE-2017-15685
moderate-risk
Published 2020-11-27
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Do I need to act?
~
2.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Product
http://crafter.com
Vendor Advisory
https://docs.craftercms.org/en/3.0/security/advisory.html
Product
http://crafter.com
Vendor Advisory
https://docs.craftercms.org/en/3.0/security/advisory.html
39
/ 100
moderate-risk
Severity
29/34 · Critical
Exploitability
5/34 · Minimal
Exposure
5/34 · Minimal