CVE-2023-45727

Severity CVSS v4.0: Pending analysis
Type: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Publication date: 18/10/2023
Last modified: 06/02/2025

Description

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:a:northgrid:proself:*:*:*:*:mail_sanitize:*:*:* | | 1.09 (excluding)
cpe:2.3:a:northgrid:proself:*:*:*:*:gateway:*:*:* | | 1.66 (excluding)
cpe:2.3:a:northgrid:proself:*:*:*:*:enterprise:*:*:* | | 5.63 (excluding)
cpe:2.3:a:northgrid:proself:*:*:*:*:standard:*:*:* | | 5.63 (excluding)