CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15232 – XML External Entity attack in mapfish-print
https://notcve.org/view.php?id=CVE-2020-15232
In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style. En mapfish-print versiones anteriores a 3.24, un usuario puede realizar un ataque de tipo XML External Entity (XXE) con el estilo SDL proporcionado • https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e https://github.com/mapfish/mapfish-print/security/advisories/GHSA-vjv6-gq77-3mjw • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15231 – Cross-site scripting attack in mapfish-print
https://notcve.org/view.php?id=CVE-2020-15231
In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting. En mapfish-print versiones anteriores a 3.24, un usuario puede usar el soporte JSONP para realizar un ataque de tipo cross-site scripting • https://github.com/mapfish/mapfish-print/pull/1397/commits/89155f2506b9cee822e15ce60ccae390a1419d5e https://github.com/mapfish/mapfish-print/security/advisories/GHSA-w534-q4xf-h5v2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •