| ID | CVE-2025-66370 | ||||||
| Sažetak | Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem. | ||||||
| Reference |
|
||||||
| CVSS |
|
||||||
| Pristup |
|
||||||
| Impact |
|
||||||
| CVSS vektor | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | ||||||
| Zadnje važnije ažuriranje | 01-12-2025 - 15:39 | ||||||
| Objavljeno | 28-11-2025 - 04:16 |
