CVE Vulnerabilities

CVE-2019-19144

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Published: Aug 01, 2025 | Modified: Aug 04, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.

Weakness

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

Potential Mitigations

References