CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15232 – XML External Entity attack in mapfish-print
https://notcve.org/view.php?id=CVE-2020-15232
02 Oct 2020 — In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style. En mapfish-print versiones anteriores a 3.24, un usuario puede realizar un ataque de tipo XML External Entity (XXE) con el estilo SDL proporcionado • https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15231 – Cross-site scripting attack in mapfish-print
https://notcve.org/view.php?id=CVE-2020-15231
02 Oct 2020 — In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting. En mapfish-print versiones anteriores a 3.24, un usuario puede usar el soporte JSONP para realizar un ataque de tipo cross-site scripting • https://github.com/mapfish/mapfish-print/pull/1397/commits/89155f2506b9cee822e15ce60ccae390a1419d5e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 4%CPEs: 1EXPL: 4CVE-2019-14339 – Canon PRINT 2.5.5 - Information Disclosure
https://notcve.org/view.php?id=CVE-2019-14339
30 Aug 2019 — The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key. ContentProvider en la aplicación Canon PRINT jp.co.canon.bsd.ad.pixmaprint versión 2.5.5 para Android no restringe correctamente el acceso a los datos de canon.ij.printer.capabil... • https://packetstorm.news/files/id/154266 •