Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-26 | CVE-2023-28009 | XXE vulnerability in Hcltech Workload Automation 10.1.0/9.4.0/9.5.0 HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2023-04-25 | CVE-2023-26057 | XXE vulnerability in Nokia Netact 20.1 An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. | 6.5 |
| 2023-04-25 | CVE-2023-26058 | XXE vulnerability in Nokia Netact 20.1 An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. | 6.5 |
| 2023-04-16 | CVE-2022-38840 | XXE vulnerability in Guralp Man-Eam-0003 3.2.4 cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure. | 7.5 |
| 2023-04-13 | CVE-2023-26263 | XXE vulnerability in Talend Data Catalog 7.320210930 All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server. | 5.5 |
| 2023-04-13 | CVE-2023-26264 | XXE vulnerability in Talend Data Catalog 7.320210930 All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code. | 5.5 |
| 2023-04-11 | CVE-2023-25955 | XXE vulnerability in Mlit National Land Numerical Information Data Conversion Tool National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). | 5.5 |
| 2023-04-11 | CVE-2023-28340 | XXE vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. | 6.5 |
| 2023-04-05 | CVE-2023-20030 | XXE vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. | 6.0 |
| 2023-04-03 | CVE-2022-43941 | XXE vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0 Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. | 6.5 |