Vulnerabilities (CVE)

Filtered by vendor Mpxj Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35460 2 Mpxj, Oracle 2 Mpxj, Primavera Unifier 2022-08-06 5.0 MEDIUM 5.3 MEDIUM
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
CVE-2020-25020 1 Mpxj 1 Mpxj 2021-01-20 7.5 HIGH 9.8 CRITICAL
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.