Security Advisory

CVE-2018-25142

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-24 19:27:48

Last updated 2025-12-24 20:25:54

Assigner VulnCheck

State PUBLISHED

Description

NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack.

← Browse all CVEs View on cve.org ↗