CVE-2024-7098

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2.

critical 9.8 CVSS 3.1
Published: Sep 16, 2024
Modified: Jun 3, 2026
Vendor: Sfs
Product: Winsure

Description

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.

This issue affects ww.Winsure: before 4.6.2.

References

Related CVEs

CVE-2024-6401 critical · 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection. This issue affects InsureE GL
CVE-2024-7104 critical · 9.8
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2.