Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-18 | CVE-2022-4607 | XXE vulnerability in TUM OGC web Feature Service: A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. | 9.8 |
2022-12-18 | CVE-2022-47514 | XXE vulnerability in Xml-Rpc.Net Project Xml-Rpc.Net: An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request. | 8.8 |
2022-12-16 | CVE-2022-25628 | XXE vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4: An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4. | 8.8 |
2022-12-12 | CVE-2022-37911 | XXE vulnerability in Arubanetworks Arubaos and Sd-Wan: Due to improper restrictions on XML entities, multiple vulnerabilities exist in the command line interface of ArubaOS. | 5.5 |
2022-12-12 | CVE-2022-46682 | XXE vulnerability in Jenkins Plot: Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
2022-12-08 | CVE-2022-46827 | XXE vulnerability in Jetbrains Intellij Idea: In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. | 5.5 |
2022-12-06 | CVE-2022-45326 | XXE vulnerability in Kwoksys Information Server: An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. | 4.9 |
2022-11-23 | CVE-2022-40771 | XXE vulnerability in Zohocorp products: Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | 4.9 |
2022-11-16 | CVE-2022-3980 | XXE vulnerability in Sophos Mobile 5.0.0/9.7.3/9.7.4: An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. | 9.8 |
2022-11-15 | CVE-2022-20938 | XXE vulnerability in Cisco Secure Firewall Management Center: A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. | 4.3 |