Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Timeline
- Sep 21, 2017 CVE Published
- Dec 18, 2025 PoC Published
- Dec 18, 2025 PoC Published
- Jan 15, 2026 PoC Published
XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |