Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-11 | CVE-2023-25955 | XXE vulnerability in Mlit National Land Numerical Information Data Conversion Tool National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). | 5.5 |
| 2023-04-11 | CVE-2023-28340 | XXE vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. | 6.5 |
| 2023-04-05 | CVE-2023-20030 | XXE vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. | 6.0 |
| 2023-04-03 | CVE-2022-43941 | XXE vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0 Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. | 6.5 |
| 2023-04-02 | CVE-2023-28680 | XXE vulnerability in Jenkins Crap4J Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 |
| 2023-04-02 | CVE-2023-28681 | XXE vulnerability in Jenkins Visual Studio Code Metrics Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.2 |
| 2023-04-02 | CVE-2023-28682 | XXE vulnerability in Jenkins Performance Publisher Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.2 |
| 2023-04-02 | CVE-2023-28683 | XXE vulnerability in Jenkins Phabricator Differential Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.2 |
| 2023-04-02 | CVE-2023-28684 | XXE vulnerability in Jenkins Remote-Jobs-View 0.0.2/0.0.3 Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
| 2023-03-24 | CVE-2023-28150 | XXE vulnerability in Independentsoft Jodf An issue was discovered in Independentsoft JODF before 1.1.110. | 9.8 |