Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2022-07-18 CVE-2015-8031 XXE vulnerability in Eclipse Hudson
Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks.
network
low complexity
eclipse CWE-611
critical
 9.8
9.8
2022-07-18 CVE-2022-35741 XXE vulnerability in Apache Cloudstack
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection.
network
low complexity
apache CWE-611
critical
 9.8
9.8
2022-07-07 CVE-2021-41042 XXE vulnerability in Eclipse LYO 1.0.0/4.1.0
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML.
network
low complexity
eclipse CWE-611
5.3
5.3
2022-06-30 CVE-2022-34793 XXE vulnerability in Jenkins Recipe 1.0/1.1/1.2
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
8.8
8.8
2022-06-24 CVE-2022-23170 XXE vulnerability in Sysaid Okta SSO 22.1.49/22.1.63
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability.
network
low complexity
sysaid CWE-611
critical
 9.8
9.8
2022-06-21 CVE-2021-40510 XXE vulnerability in Obdasystems Mastro 1.0
XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs.
network
low complexity
obdasystems CWE-611
7.5
7.5
2022-06-17 CVE-2021-45024 XXE vulnerability in Rocketsoftware Ags-Zena 4.2.1
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE).
network
low complexity
rocketsoftware CWE-611
critical
 9.8
9.8
2022-06-16 CVE-2021-41411 XXE vulnerability in Redhat Drools 6.1.0
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java.
network
low complexity
redhat CWE-611
critical
 9.8
9.8
2022-06-14 CVE-2022-32285 XXE vulnerability in Mendix Saml
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3).
network
low complexity
mendix CWE-611
7.5
7.5
2022-06-14 CVE-2022-31447 XXE vulnerability in Magicpin 3.4
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file.
network
low complexity
magicpin CWE-611
7.5
7.5