The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xml-dt_project | xml-dt | 0.62 |
| xml-dt_project | xml-dt | 0.61 |
| xml-dt_project | xml-dt | 0.60 |
| xml-dt_project | xml-dt | * |