Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2021-02-11 CVE-2021-27184 XXE vulnerability in Pelco Digital Sentry Server 7.18.72.11464
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack.
network
low complexity
pelco CWE-611
5.0
2021-02-10 CVE-2021-20353 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
6.4
2021-02-01 CVE-2021-21266 XXE vulnerability in Openhab
openHAB is a vendor and technology agnostic open source automation software for your home.
network
low complexity
openhab CWE-611
4.0
2021-01-26 CVE-2020-4949 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
6.4
2021-01-25 CVE-2021-23901 XXE vulnerability in Apache Nutch 0.8.1/0.9
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18.
network
low complexity
apache CWE-611
6.4
2021-01-20 CVE-2020-27858 XXE vulnerability in Arcserve D2D 16.5
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5.
network
low complexity
arcserve CWE-611
5.0
2021-01-19 CVE-2021-22498 XXE vulnerability in Microfocus Application Lifecycle Management 12.60/15.0.1/15.5
XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product.
network
low complexity
microfocus CWE-611
5.5
2021-01-13 CVE-2021-23899 XXE vulnerability in Owasp Json-Sanitizer
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input.
network
low complexity
owasp CWE-611
7.5
2021-01-12 CVE-2020-26981 XXE vulnerability in Siemens Jt2Go and Teamcenter Visualization
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).
network
siemens CWE-611
4.3
2021-01-12 CVE-2020-27148 XXE vulnerability in Tibco EBX Add-Ons
The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack.
network
low complexity
tibco CWE-611
5.5