Mpxj - Mpxj CVE

Filtered by vendor Mpxj Subscribe

Filtered by product Mpxj

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-25020	1 Mpxj	1 Mpxj	2021-01-20	7.5 HIGH	9.8 CRITICAL
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.
CVE-2020-35460	1 Mpxj	1 Mpxj	2021-01-20	5.0 MEDIUM	5.3 MEDIUM
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.

Vulnerabilities (CVE)