{"id":"CVE-2018-1000830","details":"XR3Player version \u003c= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.","modified":"2026-04-10T04:03:45.392175Z","published":"2018-12-20T15:29:01.313Z","references":[{"type":"ADVISORY","url":"https://0dd.zone/2018/10/28/xr3player-XXE/"},{"type":"REPORT","url":"https://github.com/goxr3plus/XR3Player/issues/9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/goxr3plus/xr3player","events":[{"introduced":"0"},{"last_affected":"f93cd8fef8319ed4b29b6d1f95abfa0d1b2b309a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.124"}]}}],"versions":["V3.100","V3.101","V3.102","V3.103","V3.105","V3.106","V3.107","V3.108","V3.110","V3.111","V3.112","V3.113","V3.114","V3.116","V3.117","V3.119","V3.120","V3.121","V3.122","V3.123","V3.124","V3.45","V3.46","V3.48","V3.49","V3.51","V3.52","V3.55","V3.67","V3.69","V3.70","V3.71","V3.72","V3.73","V3.74","V3.77","V3.78","V3.79","V3.80","V3.81","V3.82","V3.83","V3.84","V3.85","V3.87","V3.88","V3.90","V3.91","V3.92","V3.93","V3.94","V3.96","V3.97","V3.99","v3.47","v3.50","v3.53","v3.54","v3.56","v3.57","v3.59","v3.60","v3.62","v3.64","v3.66","v3.68"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000830.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}