XML External Entity Injection (XXE) in OpenCats Applicant Tracking System

Vendor’s Vulnerability Announcement | CVE-2019-13358 | Internet Facing OpenCats: Google Dork

OpenCats is an open-source applicant tracking system used to track job applicants. Versions before 0.9.4-3 suffer from an XML External Entity Injection (XXE) vulnerability that allows unauthenticated job applicants to read arbitrary files after uploading a resume with a docx or odt file extension.

Vulnerability …
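A docx or odt resume is a ZIP archive of XML parts, and XXE depends on one of those parts declaring a DTD. The following pre-parse upload check is an added example, not code from the original post or from OpenCats; the names `dtd_parts` and `make_sample` are hypothetical, the sample archives are constructed, and it assumes the application only parses parts ending in `.xml` or `.rels`. It complements, and does not replace, configuring the XML parser not to resolve external entities.

```python
import io
import re
import zipfile

# Resume documents never need a DTD, so any declaration is grounds for rejection.
DTD_MARKER = re.compile(rb"<!\s*(DOCTYPE|ENTITY)", re.IGNORECASE)
MAX_PART_BYTES = 20 * 1024 * 1024  # per-part cap to limit decompression abuse


def dtd_parts(upload: bytes) -> list[str]:
    """Return the XML parts of a docx/odt upload that declare a DTD or entity."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(upload)) as archive:
        for info in archive.infolist():
            # Assumption: the application only parses .xml and .rels parts.
            if not info.filename.lower().endswith((".xml", ".rels")):
                continue
            if info.file_size > MAX_PART_BYTES:
                flagged.append(info.filename)  # too large to inspect: reject
                continue
            raw = archive.read(info)
            # Dropping NUL bytes lets the ASCII marker match in UTF-16/UTF-32
            # parts too, so re-encoding the part does not hide the declaration.
            if DTD_MARKER.search(raw.replace(b"\x00", b"")):
                flagged.append(info.filename)
    return flagged


def make_sample(part_name: str, xml: str, encoding: str = "utf-8") -> bytes:
    """Build a constructed in-memory archive holding one XML part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(part_name, xml.encode(encoding))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a clean part and one with a harmless internal entity.
    clean = make_sample("word/document.xml", "<document>resume text</document>")
    with_dtd = make_sample(
        "word/document.xml",
        '<!DOCTYPE d [<!ENTITY e "constructed">]><d>&e;</d>',
        "utf-16",
    )
    print("clean:", dtd_parts(clean))
    print("with DTD:", dtd_parts(with_dtd))
```

An upload for which `dtd_parts` returns a non-empty list should be rejected before any XML parser touches it.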