Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-11 | CVE-2021-27184 | XXE vulnerability in Pelco Digital Sentry Server 7.18.72.11464 Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. | 5.0 |
| 2021-02-10 | CVE-2021-20353 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2021-02-01 | CVE-2021-21266 | XXE vulnerability in Openhab openHAB is a vendor and technology agnostic open source automation software for your home. | 4.0 |
| 2021-01-26 | CVE-2020-4949 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2021-01-25 | CVE-2021-23901 | XXE vulnerability in Apache Nutch 0.8.1/0.9 An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. | 6.4 |
| 2021-01-20 | CVE-2020-27858 | XXE vulnerability in Arcserve D2D 16.5 This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. | 5.0 |
| 2021-01-19 | CVE-2021-22498 | XXE vulnerability in Microfocus Application Lifecycle Management 12.60/15.0.1/15.5 XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. | 5.5 |
| 2021-01-13 | CVE-2021-23899 | XXE vulnerability in Owasp Json-Sanitizer OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. | 7.5 |
| 2021-01-12 | CVE-2020-26981 | XXE vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 4.3 |
| 2021-01-12 | CVE-2020-27148 | XXE vulnerability in Tibco EBX Add-Ons The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. | 5.5 |