CVE-2023-26559

Published: Apr 14, 2023

Modified: Feb 7, 2025

PUBLISHED

Description

A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. (XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build 2023021715 are also fixed versions.)

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://oxygenxml.com

https://www.oxygenxml.com/security/advisory/SYNC-2023-042301.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-26559

Description

Affected Products

References