I've had a client ask me today if their version of Umbraco (6.2.5) is suspectible to an XML External Entities Injection attack? Although I'm sure this has been handled, according to OWASP there is a risk if the version of .Net is below 4.6 (https://www.owasp.org/index.php/XMLExternalEntity(XXE)Processing) so does anyone know for sure if this is something that is definitely handled by Umbraco version 6.2.5?
XML External Entities Injection Vulnerability
Hi,
I've had a client ask me today if their version of Umbraco (6.2.5) is suspectible to an XML External Entities Injection attack? Although I'm sure this has been handled, according to OWASP there is a risk if the version of .Net is below 4.6 (https://www.owasp.org/index.php/XMLExternalEntity(XXE)Processing) so does anyone know for sure if this is something that is definitely handled by Umbraco version 6.2.5?
Cheers,
Simon
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.