Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-12 | CVE-2022-37911 | XXE vulnerability in Arubanetworks Arubaos and Sd-Wan Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. | 5.5 |
| 2022-12-12 | CVE-2022-46682 | XXE vulnerability in Jenkins Plot Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2022-12-08 | CVE-2022-46827 | XXE vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. | 5.5 |
| 2022-12-06 | CVE-2022-45326 | XXE vulnerability in Kwoksys Information Server An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. | 4.9 |
| 2022-11-23 | CVE-2022-40771 | XXE vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | 4.9 |
| 2022-11-16 | CVE-2022-3980 | XXE vulnerability in Sophos Mobile 5.0.0/9.7.3/9.7.4 An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. | 9.8 |
| 2022-11-15 | CVE-2022-20938 | XXE vulnerability in Cisco Secure Firewall Management Center A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. | 4.3 |
| 2022-11-15 | CVE-2022-45386 | XXE vulnerability in Jenkins Violations 0.7.11 Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 5.5 |
| 2022-11-15 | CVE-2022-45395 | XXE vulnerability in Jenkins Cccc Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2022-11-15 | CVE-2022-45396 | XXE vulnerability in Jenkins Sourcemonitor 0.2 Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |