Maltego XML External Entity Injection

MEDIUM CVE-2020-35707
Dominik Penner @zer0pwn

DESCRIPTION

A vulnerability in Maltego allows XML external entity injection attacks through malformed input.

DETAILS

Maltego contains an XML external entity (XXE) injection vulnerability that could allow an attacker to read arbitrary files on the system, conduct server-side request forgery (SSRF) attacks, or cause denial of service.

AFFECTING

  • Maltego 4.2.12