I've had a client ask me today if their version of Umbraco (6.2.5) is suspectible to an XML External Entities Injection attack? Although I'm sure this has been handled, according to OWASP there is a risk if the version of .Net is below 4.6 (https://www.owasp.org/index.php/XMLExternalEntity(XXE)Processing) so does anyone know for sure if this is something that is definitely handled by Umbraco version 6.2.5?
XML External Entities Injection Vulnerability
Hi,
I've had a client ask me today if their version of Umbraco (6.2.5) is suspectible to an XML External Entities Injection attack? Although I'm sure this has been handled, according to OWASP there is a risk if the version of .Net is below 4.6 (https://www.owasp.org/index.php/XMLExternalEntity(XXE)Processing) so does anyone know for sure if this is something that is definitely handled by Umbraco version 6.2.5?
Cheers,
Simon
is working on a reply...