What the vulnerability does
Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon category-icon allows XML Entity Linking. This issue affects Category Icon: from n/a through <= 1.0.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Category Icon versions 1.0.3 and earlier contain an XML External Entity (XXE) vulnerability. An authenticated administrator can upload a crafted XML file whose entity declarations cause the site to read local files or make outbound requests while the file is parsed. The vulnerability affects the confidentiality, integrity, and availability of the site. Update to a version newer than 1.0.3.
What an attacker can do
Read local files, modify site data, or make the site send requests to external systems.
Potential impact on your site
An admin account compromise could lead to data theft, site defacement, or lateral network attacks.
Conditions required to exploit
Attacker must have administrator privileges and upload a crafted XML file.
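The root cause described above is an XML parser that resolves entity declarations in an uploaded file. The following PHP function is an added example written for this page, not code from the Category Icon plugin, showing how an admin-facing upload handler can parse an XML or SVG icon file with entity resolution and network access disabled; the function name and the sample documents are constructed for illustration.

```php
<?php
// Added example written for this page; not code from the Category Icon plugin.
// The function name and the sample documents below are constructed.

/**
 * Parse untrusted XML with external entity resolution disabled.
 *
 * @return DOMDocument|string  the parsed document, or a rejection reason
 */
function load_untrusted_xml(string $xml): DOMDocument|string
{
    if (trim($xml) === '') {
        return 'rejected: empty document';
    }

    // Pre-check on the raw text: an icon file has no legitimate need for a DTD,
    // and an XXE payload needs one to declare its entities, so refuse outright.
    if (preg_match('/<!DOCTYPE|<!ENTITY/i', $xml) === 1) {
        return 'rejected: DOCTYPE or ENTITY declaration present';
    }

    $previous = libxml_use_internal_errors(true);
    $dom = new DOMDocument();

    // LIBXML_NONET forbids network access during parsing. Deliberately do NOT pass
    // LIBXML_NOENT (entity substitution) or LIBXML_DTDLOAD (external DTD fetching):
    // either flag re-enables the behaviour this advisory is about.
    $ok = $dom->loadXML($xml, LIBXML_NONET);
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if (!$ok) {
        $first = $errors[0]->message ?? 'unknown parse error';
        return 'rejected: malformed XML (' . trim($first) . ')';
    }

    // Confirm on the parsed tree that no document type definition survived;
    // the regex above is only a text check.
    if ($dom->doctype !== null) {
        return 'rejected: document type definition present';
    }

    return $dom;
}

// Constructed sample inputs: a benign icon, a file carrying an (internal) DTD,
// and a malformed file.
$benign  = '<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><circle cx="8" cy="8" r="6"/></svg>';
$withDtd = '<?xml version="1.0"?><!DOCTYPE svg [<!ENTITY note "internal">]><svg>&note;</svg>';
$broken  = '<svg><circle></svg>';

foreach (['benign' => $benign, 'with DTD' => $withDtd, 'malformed' => $broken] as $label => $doc) {
    $result = load_untrusted_xml($doc);
    echo $label, ': ', $result instanceof DOMDocument
        ? 'accepted (root <' . $result->documentElement->tagName . '>)'
        : $result, PHP_EOL;
}
```

Rejections are returned as strings rather than thrown so the calling upload handler can log them; a spike in "DOCTYPE or ENTITY declaration present" rejections from an administrator account is worth investigating, since the only account that can reach this code path under the CVSS vector above (PR:H) is one that should already be trusted.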
Key dates
External resources
Related vulnerabilities