CVE-2020-26564

Published: 31/07/2021 Updated: 09/08/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

ObjectPlanet Opinio prior to 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFile'] URI. The XXE can then be triggered at an admin/preview.do?action=previewSurvey&surveyId= URI.
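For triage on an instance that ran a version prior to 7.15, the import-then-preview sequence in the summary can be looked for in web access logs. The following is an added example, not part of the advisory or of Opinio: the combined log format, the /opinio context path, the sample lines and the 10-minute window are assumptions, and a hit is only a lead for review because import and preview are also normal admin actions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (log format and /opinio prefix are assumptions).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Aug/2021:10:01:12 +0000] "POST /opinio/survey/admin/folderSurvey.do?action=viewImportSurvey HTTP/1.1" 200 5120
198.51.100.7 - - [02/Aug/2021:10:01:40 +0000] "GET /opinio/admin/preview.do?action=previewSurvey&surveyId=41 HTTP/1.1" 200 9034
203.0.113.9 - - [02/Aug/2021:11:15:02 +0000] "GET /opinio/admin/preview.do?action=previewSurvey&surveyId=7 HTTP/1.1" 200 8800
203.0.113.20 - - [02/Aug/2021:12:00:00 +0000] "POST /opinio/survey/admin/folderSurvey.do?action=viewImportSurvey HTTP/1.1" 200 5120
203.0.113.20 - - [02/Aug/2021:14:30:00 +0000] "GET /opinio/admin/preview.do?action=previewSurvey&surveyId=42 HTTP/1.1" 200 9100
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(url):
    """Map a request URL to 'import', 'preview' or None using the URIs in the summary."""
    parts = urlsplit(url)
    action = parse_qs(parts.query).get("action", [""])[0]
    if parts.path.endswith("/survey/admin/folderSurvey.do") and action == "viewImportSurvey":
        return "import"
    if parts.path.endswith("/admin/preview.do") and action == "previewSurvey":
        return "preview"
    return None

def find_import_then_preview(log_text, window=timedelta(minutes=10)):
    """Return (client, surveyId, time) for previews that follow an import by the same client."""
    last_import = {}  # client address -> time of its most recent survey import
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, ts, _method, url, _status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        kind = classify(url)
        if kind == "import":
            last_import[client] = when
        elif kind == "preview" and client in last_import:
            if when - last_import[client] <= window:
                survey_id = parse_qs(urlsplit(url).query).get("surveyId", [""])[0]
                hits.append((client, survey_id, when.isoformat()))
    return hits

if __name__ == "__main__":
    for hit in find_import_then_preview(SAMPLE_LOG):
        print(hit)
```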

Vulnerable Product

objectplanet opinio

Exploits

ObjectPlanet Opinio versions 713 and 714 suffer from an XML external entity injection vulnerability ...
ObjectPlanet Opinio version 713 suffers from a remote shell upload vulnerability ...