Vulnerabilities > CVE-2019-11392 - XXE vulnerability in Dotnetblogengine Blogengine.Net

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
dotnetblogengine
CWE-611
NVD
Published: 2019-06-21
Updated: 2019-06-23

Summary

BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.

Vulnerable Configurations

Part Description Count
Application
Dotnetblogengine
8

Common Weakness Enumeration (CWE)

References