CVE-2018-1000830

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1000830
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000830.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000830
Published
2018-12-20T15:29:01.313Z
Modified
2026-04-10T04:03:45.392175Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.

References

Affected packages

Git / github.com/goxr3plus/xr3player

Affected ranges

Type
GIT
Repo
https://github.com/goxr3plus/xr3player
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f93cd8fef8319ed4b29b6d1f95abfa0d1b2b309a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.124"
        }
    ]
}

Affected versions

V3.*
V3.100
V3.101
V3.102
V3.103
V3.105
V3.106
V3.107
V3.108
V3.110
V3.111
V3.112
V3.113
V3.114
V3.116
V3.117
V3.119
V3.120
V3.121
V3.122
V3.123
V3.124
V3.45
V3.46
V3.48
V3.49
V3.51
V3.52
V3.55
V3.67
V3.69
V3.70
V3.71
V3.72
V3.73
V3.74
V3.77
V3.78
V3.79
V3.80
V3.81
V3.82
V3.83
V3.84
V3.85
V3.87
V3.88
V3.90
V3.91
V3.92
V3.93
V3.94
V3.96
V3.97
V3.99
v3.*
v3.47
v3.50
v3.53
v3.54
v3.56
v3.57
v3.59
v3.60
v3.62
v3.64
v3.66
v3.68

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000830.json"