Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-12-29 | CVE-2021-4295 | XXE vulnerability in Healthit Code-Validator-Api | A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. | 9.8 |
2022-12-18 | CVE-2022-4607 | XXE vulnerability in TUM OGC web Feature Service | A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. | 9.8 |
2022-12-18 | CVE-2022-47514 | XXE vulnerability in Xml-Rpc.Net Project Xml-Rpc.Net | An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request. | 8.8 |
2022-12-16 | CVE-2022-25628 | XXE vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4 | An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 | 8.8 |
2022-12-12 | CVE-2022-37911 | XXE vulnerability in Arubanetworks Arubaos and Sd-Wan | Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. | 5.5 |
2022-12-12 | CVE-2022-46682 | XXE vulnerability in Jenkins Plot | Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
2022-12-08 | CVE-2022-46827 | XXE vulnerability in Jetbrains Intellij Idea | In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. | 5.5 |
2022-12-06 | CVE-2022-45326 | XXE vulnerability in Kwoksys Information Server | An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. | 4.9 |
2022-11-23 | CVE-2022-40771 | XXE vulnerability in Zohocorp products | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | 4.9 |
2022-11-16 | CVE-2022-3980 | XXE vulnerability in Sophos Mobile 5.0.0/9.7.3/9.7.4 | An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. | 9.8 |