Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-25 | CVE-2021-43090 | XXE vulnerability in Predic8 SOA Model An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function. | 7.5 |
2022-03-23 | CVE-2022-0861 | XXE vulnerability in Mcafee Epolicy Orchestrator A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. | 3.8 |
2022-03-20 | CVE-2021-42194 | XXE vulnerability in Eyoucms 1.5.4 The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability. | 6.5 |
2022-03-15 | CVE-2022-27193 | XXE vulnerability in Cvrf-Csaf-Converter Project Cvrf-Csaf-Converter 1.0.0 CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). | 5.5 |
2022-03-10 | CVE-2022-26661 | XXE vulnerability in multiple products An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. | 4.0 |
2022-03-10 | CVE-2022-22795 | XXE vulnerability in Signiant Manager+Agents Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and nt/authority on windows systems, which allows him to access and extract any file on the systems, such as passwd, shadow, hosts and so on. | 6.4 |
2022-03-10 | CVE-2022-22835 | XXE vulnerability in Overit Geocall 6.3 An issue was discovered in OverIT Geocall before version 8.0. | 6.5 |
2022-03-05 | CVE-2022-25312 | XXE vulnerability in Apache Any23 An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. | 6.4 |
2022-03-04 | CVE-2022-0839 | XXE vulnerability in multiple products Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0. | 9.8 |
2022-03-03 | CVE-2022-0265 | XXE vulnerability in Hazelcast 5.1 Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1. | 7.5 |