CVE-2023-24187
Published
CVSS v3
7.8
HIGH
CVSS v2
N/A
Affected
2
PROJECTS
Description
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
GitHubUReport2 is a high-performance pure Java report engine based on Spring architecture, where complex Chinese-style statements and reports can be prepared by iterating over cells.
GitHub