Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-15 | CVE-2022-20938 | XXE vulnerability in Cisco Secure Firewall Management Center A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. | 4.3 |
| 2022-11-15 | CVE-2022-45386 | XXE vulnerability in Jenkins Violations 0.7.11 Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 5.5 |
| 2022-11-15 | CVE-2022-45395 | XXE vulnerability in Jenkins Cccc Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2022-11-15 | CVE-2022-45396 | XXE vulnerability in Jenkins Sourcemonitor 0.2 Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2022-11-15 | CVE-2022-45397 | XXE vulnerability in Jenkins OSF Builder Suite :: XML Linter 1.0.2 Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2022-11-15 | CVE-2022-45400 | XXE vulnerability in Jenkins Japex 1.7 Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2022-11-14 | CVE-2022-43689 | XXE vulnerability in Concretecms Concrete CMS Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. | 5.3 |
| 2022-11-12 | CVE-2022-45194 | XXE vulnerability in Bruhn-Newtech Cbrn-Analysis CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. | 4.7 |
| 2022-11-04 | CVE-2022-43570 | XXE vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. | 6.5 |
| 2022-11-04 | CVE-2022-3340 | XXE vulnerability in Trellix Intrusion Prevention System Manager 10.1 XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported. | 7.2 |