Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-21 | CVE-2023-26267 | XXE vulnerability in PHP-Saml-Sp Project PHP-Saml-Sp. php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via `\LIBXML_DTDLOAD \| \LIBXML_DTDATTR`. | 6.5 |
2023-02-17 | CVE-2021-33950 | XXE vulnerability in Openkm 6.3.10. An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function. | 7.5 |
2023-02-16 | CVE-2022-39954 | XXE vulnerability in Fortinet Fortinac and Fortinac-F. An improper restriction of XML external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows an attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. | 9.1 |
2023-02-15 | CVE-2023-22377 | XXE vulnerability in Fujitsu products. Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. | 7.4 |
2023-02-14 | CVE-2023-24187 | XXE vulnerability in Ureport Project Ureport 2.2.9. An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. | 7.8 |
2023-02-10 | CVE-2023-22832 | XXE vulnerability in Apache Nifi. The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor. | 7.5 |
2023-02-09 | CVE-2023-24323 | XXE vulnerability in Mojoportal 2.7.0.0. Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. | 8.8 |
2023-02-03 | CVE-2022-45588 | XXE vulnerability in Talend Remote Engine GEN 2. All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. | 7.8 |
2023-02-03 | CVE-2022-22486 | XXE vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5. IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2023-01-31 | CVE-2022-47873 | XXE vulnerability in Netcad Keos 1.0. Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). | 9.8 |