XML Entity Expansion Injection Vulnerability in Mendix Excel Importer Module

XML Entity Expansion Injection Vulnerability in Mendix Excel Importer Module

CVE-2022-34467 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the availability of the affected component.

Learn more about our Web Application Penetration Testing UK.