Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-09 | CVE-2023-24323 | XXE vulnerability in Mojoportal 2.7.0.0 Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. | 8.8 |
| 2023-02-03 | CVE-2022-45588 | XXE vulnerability in Talend Remote Engine GEN 2 All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. | 7.8 |
| 2023-02-03 | CVE-2022-22486 | XXE vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5 IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2023-01-31 | CVE-2022-47873 | XXE vulnerability in Netcad Keos 1.0 Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). | 9.8 |
| 2023-01-30 | CVE-2023-22322 | XXE vulnerability in Omron Cx-Motion PRO 1.4.6.013 Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. | 5.5 |
| 2023-01-26 | CVE-2023-24429 | XXE vulnerability in Jenkins Semantic Versioning Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 9.8 |
| 2023-01-26 | CVE-2023-24430 | XXE vulnerability in Jenkins Semantic Versioning Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2023-01-26 | CVE-2023-24441 | XXE vulnerability in Jenkins Mstest Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2023-01-26 | CVE-2023-24443 | XXE vulnerability in Jenkins Testcomplete Support Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2023-01-17 | CVE-2023-22624 | XXE vulnerability in Zohocorp Manageengine Exchange Reporter Plus Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. | 7.5 |