
SSRF and XXE Vulnerabilities in PDFreactor
Aon’s Cyber Solutions recently discovered two vulnerabilities in the default configuration of RealObjects PDFreactor prior to version 10.1.10722. The identified vulnerabilities allow attackers to perform Server-Side Request Forgery (SSRF) and XML External Entity Injection (XXE) attacks in cases where PDFreactor is used to process user-controllable HTML over a network. Exploitation ...