Base Score

MEDIUM4

CVE-2024-31573

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.

VectorLOCAL

Published Bycve@mitre.org

Published DateOct 17, 2025, 19:15

Affected Versions(1)

org.xmlunit:xmlunit-core(Maven)

Introduced0

Fixed2.10.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.xmlunit:xmlunit-core(Maven)	0	2.10.0	N/A

Weakness Type (CWE):CWE-669

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

Base Score

MEDIUM4

Weakness Type (CWE):CWE-669

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE