Description
XR3Player version <= V3.124 contains an XML External Entity (XXE) vulnerability in the playlist parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning.
Remediation
References
https://github.com/goxr3plus/XR3Player/issues/9
https://0dd.zone/2018/10/28/xr3player-XXE/