Oinone Pamirs XML External Entity Vulnerability Allowing File Disclosure or SSRF

Vulnerability

An XML External Entity (XXE) vulnerability has been identified in Oinone Pamirs version 7.0.0. This issue arises from the application's XStream-based XML parsing, which is configured to be permissive and allows attacker-controlled XML to be processed unsafely. When such XML is directed to certain framework parsing entry points, it can lead to the resolution of external entities, potentially causing local file disclosure or server-side request forgery (SSRF), depending on the specific deployment and parser configuration.

Impact

Exploitation of this vulnerability could result in unauthorized file access or server-side request forgery, allowing an attacker to make requests from the server's context.

Remediation

Users can upgrade to Oinone Pamirs version 7.2.3, where this vulnerability has been fixed.
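To triage captured XML request bodies for the external-entity declarations described above, this added example lists every external DTD or entity a document declares and labels it with the impact class it maps to. It is not Oinone's code or its fix; the function names and sample documents are constructed for illustration, and Python's bundled expat parser is used only as an inert inspector.

```python
import xml.parsers.expat
from urllib.parse import urlparse

# Constructed sample documents (placeholders, not taken from the advisory).
BENIGN = b'<!DOCTYPE r [<!ENTITY co "Example Ltd">]><r>&co;</r>'
FILE_XXE = b'<!DOCTYPE r [<!ENTITY xxe SYSTEM "file:///srv/placeholder.txt">]><r>&xxe;</r>'
SSRF_XXE = b'<!DOCTYPE r SYSTEM "http://internal.example/e.dtd"><r/>'


def classify(system_id):
    """Map a system identifier to the impact class the advisory names."""
    scheme = urlparse(system_id).scheme.lower()
    if scheme in ("http", "https", "ftp"):
        return "ssrf"
    if scheme in ("", "file"):          # bare paths resolve on the local filesystem
        return "file-disclosure"
    return "other"


def external_entity_findings(xml_bytes):
    """Return (impact, name, system_id) for each external DTD or entity declared."""
    findings = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id:                   # external DTD subset
            findings.append((classify(system_id), "<doctype>", system_id))

    def on_entity(name, is_parameter, value, base, system_id, public_id, notation):
        if system_id:                   # external general or parameter entity
            findings.append((classify(system_id), name, system_id))

    # No ExternalEntityRefHandler is installed, so expat reports the
    # declarations without fetching anything they point to.
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError:
        findings.append(("malformed", "", ""))
    return findings


if __name__ == "__main__":
    for doc in (BENIGN, FILE_XXE, SSRF_XXE, FILE_XXE.decode().encode("utf-16")):
        print(external_entity_findings(doc))
```

Because the check runs inside a parser rather than as a byte-pattern match, a UTF-16 re-encoding of the same document is reported identically.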

Added: May 15, 2026, 3:24 PM
Updated: May 15, 2026, 3:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.2
exploitability: 7.3
remediation: 0.0
relevance: 8.4
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.