Vulnerabilities > CVE-2019-11392 - XXE vulnerability in Dotnetblogengine Blogengine.Net

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
dotnetblogengine
CWE-611

Summary

BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.