Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2023-24441 | XXE vulnerability in Jenkins Mstest Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2023-01-26 | CVE-2023-24443 | XXE vulnerability in Jenkins Testcomplete Support Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2023-01-17 | CVE-2023-22624 | XXE vulnerability in Zohocorp Manageengine Exchange Reporter Plus Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. | 7.5 |
| 2023-01-15 | CVE-2023-23595 | XXE vulnerability in Bluecatnetworks Device Registration Portal 2.2 BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. | 7.5 |
| 2023-01-09 | CVE-2021-4311 | XXE vulnerability in Talend Open Studio A vulnerability classified as problematic was found in Talend Open Studio for MDM. | 9.8 |
| 2023-01-05 | CVE-2020-36640 | XXE vulnerability in Bonitasoft Webservice Connector A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. | 9.8 |
| 2022-12-29 | CVE-2021-4295 | XXE vulnerability in Healthit Code-Validator-Api A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. | 9.8 |
| 2022-12-18 | CVE-2022-4607 | XXE vulnerability in TUM OGC web Feature Service A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. | 9.8 |
| 2022-12-18 | CVE-2022-47514 | XXE vulnerability in Xml-Rpc.Net Project Xml-Rpc.Net An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request. | 8.8 |
| 2022-12-16 | CVE-2022-25628 | XXE vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4 An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 | 8.8 |