Unrated severityNVD Advisory· Published Apr 14, 2023· Updated Feb 7, 2025

CVE-2023-26559

Description

A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. (XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build 2023021715 are also fixed versions.)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Oxygen/XML Web Authordescription
Oxygen/XML Web Authorllm-create
Range: < 25.0.0.3
Oxygen/Content Fusionllm-create
Range: < 5.0.3

Patches

Vulnerability mechanics

References

oxygenxml.commitre
www.oxygenxml.com/security/advisory/SYNC-2023-042301.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000