Maltego XML External Entity Injection
MEDIUM CVE-2020-35707

Dominik Penner @zer0pwn
DESCRIPTION
A vulnerability in Maltego allows XML external entity injection attacks through malformed input.
DETAILS
Maltego contains an XML external entity (XXE) injection vulnerability that could allow an attacker to read arbitrary files on the system, conduct server-side request forgery (SSRF) attacks, or cause denial of service.
AFFECTING
- Maltego 4.2.12