What the vulnerability does
Description
Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps google-maps-easy allows XML Injection. This issue affects Easy Google Maps: from n/a through <= 1.11.18.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Easy Google Maps versions up to 1.11.18 contain an XML External Entity (XXE) vulnerability. An authenticated administrator can craft a malicious XML payload to read local files, modify data, or disrupt service. The vulnerability requires high-level privileges and affects the confidentiality, integrity, and availability of the site.
What an attacker can do
Read local files, modify site data, or cause denial of service via malicious XML input.
Potential impact on your site
An admin account compromise could expose sensitive files or disrupt the maps functionality.
Conditions required to exploit
Attacker must have administrator-level access to the site.