How severe is CVE-2020-26229?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2020-26229?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2020-26229 - LOW Severity | CVSS 3.7

Vulnerability Description

TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described.

Related Vulnerabilities

CVE-2022-0861

LOW

CVSS:3.8(Low)

A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension ...

CWE-6112022

CVE-2021-21470

LOW

CVSS:3.6(Low)

SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which ...

CWE-6112021

CVE-2020-11885

MEDIUM

CVSS:4.0(Medium)

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded...

CWE-6112020

CVE-2025-29932

MEDIUM

CVSS:4.1(Medium)

In JetBrains GoLand before 2025.1 an XXE during debugging was possible

CWE-6112025

CVE-2018-16252

LOW

CVSS:3.3(Low)

FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.

CWE-6112018

CVE-2020-12025

LOW

CVSS:3.3(Low)

Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resourc...

CWE-6112020