CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15232 – XML External Entity attack in mapfish-print
https://notcve.org/view.php?id=CVE-2020-15232
In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style. En mapfish-print versiones anteriores a 3.24, un usuario puede realizar un ataque de tipo XML External Entity (XXE) con el estilo SDL proporcionado • https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e https://github.com/mapfish/mapfish-print/security/advisories/GHSA-vjv6-gq77-3mjw • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15231 – Cross-site scripting attack in mapfish-print
https://notcve.org/view.php?id=CVE-2020-15231
In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting. En mapfish-print versiones anteriores a 3.24, un usuario puede usar el soporte JSONP para realizar un ataque de tipo cross-site scripting • https://github.com/mapfish/mapfish-print/pull/1397/commits/89155f2506b9cee822e15ce60ccae390a1419d5e https://github.com/mapfish/mapfish-print/security/advisories/GHSA-w534-q4xf-h5v2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2019-14339 – Canon PRINT 2.5.5 - Information Disclosure
https://notcve.org/view.php?id=CVE-2019-14339
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key. ContentProvider en la aplicación Canon PRINT jp.co.canon.bsd.ad.pixmaprint versión 2.5.5 para Android no restringe correctamente el acceso a los datos de canon.ij.printer.capability.data. Esto permite que la aplicación maliciosa de un atacante obtenga información confidencial, incluidas las contraseñas de fábrica para la interfaz web del administrador y la clave WPA2-PSK. Canon PRINT version 2.5.5 suffers from a content provider URI injection vulnerability. • https://www.exploit-db.com/exploits/47321 https://github.com/0x48piraj/CVE-2019-14339 http://packetstormsecurity.com/files/154266/Canon-PRINT-2.5.5-URI-Injection.html https://play.google.com/store/apps/details?id=jp.co.canon.bsd.ad.pixmaprint&hl=en_US •