An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
References
Link | Resource |
---|---|
https://excellium-services.com/cert-xlm-advisory/CVE-2023-28152 | Third Party Advisory |
https://www.independentsoft.de/jword/index.html | Product |
Configurations
History
29 Mar 2023, 13:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:independentsoft:jword:*:*:*:*:*:*:*:* | |
First Time |
Independentsoft
Independentsoft jword |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-611 | |
References | (MISC) https://www.independentsoft.de/jword/index.html - Product | |
References | (MISC) https://excellium-services.com/cert-xlm-advisory/CVE-2023-28152 - Third Party Advisory |
24 Mar 2023, 17:57
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-24 16:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-28152
Mitre link : CVE-2023-28152
CVE.ORG link : CVE-2023-28152
JSON object : View
Products Affected
independentsoft
- jword
CWE
CWE-611
Improper Restriction of XML External Entity Reference