Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2021-09-08 CVE-2021-3055 XXE vulnerability in Paloaltonetworks Pan-Os
An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash.
network
low complexity
paloaltonetworks CWE-611
7.5
2021-09-02 CVE-2021-34436 XXE vulnerability in Eclipse Theia 0.1.1/0.2.0
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension.
network
low complexity
eclipse CWE-611
7.5
2021-08-31 CVE-2021-21680 XXE vulnerability in Jenkins Nested View
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
5.5
2021-08-23 CVE-2021-39371 XXE vulnerability in multiple products
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity.
network
low complexity
github osgeo debian CWE-611
5.0
2021-08-16 CVE-2020-18703 XXE vulnerability in Quokka Project Quokka 0.4.0
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'.
network
low complexity
quokka-project CWE-611
7.5
2021-08-16 CVE-2020-18705 XXE vulnerability in Quokka Project Quokka 0.4.0
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'.
network
low complexity
quokka-project CWE-611
7.5
2021-08-13 CVE-2021-34823 XXE vulnerability in On24 Screenshare
The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server.
network
low complexity
on24 CWE-611
6.4
2021-08-13 CVE-2021-27741 XXE vulnerability in Hcltechsw HCL Commerce
" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"
network
low complexity
hcltechsw CWE-611
6.4
2021-08-10 CVE-2021-37425 XXE vulnerability in Altova Mobiletogether Server 7.3
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
network
low complexity
altova CWE-611
6.4
2021-08-05 CVE-2021-1630 XXE vulnerability in Salesforce Mule
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers.
network
low complexity
salesforce CWE-611
5.0