Singapore - XXE at https://www.starbucks.com.sg/RestApi/soap11
High
Starbucks
Team Summary
Official summary from Starbucks
rugb discovered that the endpoint at https://www.starbucks.com.sg/RestApi/* was vulnerable to XML eXternal Entity (XXE) processing. This permitted arbitrary reading of files on the remote server. This asset is not rated as critical as it does not contain sensitive data. @rugb — thank you for reporting this vulnerability and for confirming the resolution.
Reported by: rugb
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted:
Weakness: XML External Entities (XXE)