Vulnerabilities > CVE-2018-1000830 - XXE vulnerability in Xr3Player Project Xr3Player

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

xr3player-project

CWE-611

critical

NVD

Published: 2018-12-20

Updated: 2019-01-08

Summary

XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.

Vulnerable Configurations

Part	Description	Count
Application	Xr3Player_Project Xr3Player Project Xr3Player 3.45 Xr3Player Project Xr3Player 3.46 Xr3Player Project Xr3Player 3.47 Xr3Player Project Xr3Player 3.48 Xr3Player Project Xr3Player 3.49 Xr3Player Project Xr3Player 3.50 Xr3Player Project Xr3Player 3.51 Xr3Player Project Xr3Player 3.52 Xr3Player Project Xr3Player 3.53 Xr3Player Project Xr3Player 3.54 Xr3Player Project Xr3Player 3.55 Xr3Player Project Xr3Player 3.56 Xr3Player Project Xr3Player 3.57 Xr3Player Project Xr3Player 3.59 Xr3Player Project Xr3Player 3.60 Xr3Player Project Xr3Player 3.62 Xr3Player Project Xr3Player 3.64 Xr3Player Project Xr3Player 3.66 Xr3Player Project Xr3Player 3.67 Xr3Player Project Xr3Player 3.68 Xr3Player Project Xr3Player 3.69 Xr3Player Project Xr3Player 3.70 Xr3Player Project Xr3Player 3.71 Xr3Player Project Xr3Player 3.72 Xr3Player Project Xr3Player 3.73 Xr3Player Project Xr3Player 3.74 Xr3Player Project Xr3Player 3.75 Xr3Player Project Xr3Player 3.76 Xr3Player Project Xr3Player 3.77 Xr3Player Project Xr3Player 3.78 Xr3Player Project Xr3Player 3.79 Xr3Player Project Xr3Player 3.80 Xr3Player Project Xr3Player 3.81 Xr3Player Project Xr3Player 3.82 Xr3Player Project Xr3Player 3.83 Xr3Player Project Xr3Player 3.84 Xr3Player Project Xr3Player 3.85 Xr3Player Project Xr3Player 3.86 Xr3Player Project Xr3Player 3.87 Xr3Player Project Xr3Player 3.88 Xr3Player Project Xr3Player 3.89 Xr3Player Project Xr3Player 3.90 Xr3Player Project Xr3Player 3.91 Xr3Player Project Xr3Player 3.92 Xr3Player Project Xr3Player 3.93 Xr3Player Project Xr3Player 3.94 Xr3Player Project Xr3Player 3.96 Xr3Player Project Xr3Player 3.97 Xr3Player Project Xr3Player 3.98 Xr3Player Project Xr3Player 3.99 Xr3Player Project Xr3Player 3.100 Xr3Player Project Xr3Player 3.101 Xr3Player Project Xr3Player 3.102 Xr3Player Project Xr3Player 3.103 Xr3Player Project Xr3Player 3.104 Xr3Player Project Xr3Player 3.105 Xr3Player Project Xr3Player 3.106 Xr3Player Project Xr3Player 3.107 Xr3Player Project Xr3Player 3.108 Xr3Player Project Xr3Player 3.109 Xr3Player Project Xr3Player 3.110 Xr3Player Project Xr3Player 3.111 Xr3Player Project Xr3Player 3.112 Xr3Player Project Xr3Player 3.113 Xr3Player Project Xr3Player 3.114 Xr3Player Project Xr3Player 3.115 Xr3Player Project Xr3Player 3.116 Xr3Player Project Xr3Player 3.117 Xr3Player Project Xr3Player 3.118 Xr3Player Project Xr3Player 3.119 Xr3Player Project Xr3Player 3.120 Xr3Player Project Xr3Player 3.121 Xr3Player Project Xr3Player 3.122 Xr3Player Project Xr3Player 3.123 Xr3Player Project Xr3Player 3.124	75

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References