An XML external entities (XXE) injection vulnerability in...
Moderate severity
Unreviewed
Published
Aug 21, 2025
to the GitHub Advisory Database
•
Updated Sep 11, 2025
Description
Published by the National Vulnerability Database
Aug 21, 2025
Published to the GitHub Advisory Database
Aug 21, 2025
Last updated
Sep 11, 2025
An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 7.0.1p02 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a crafted ISys XML message.
References