Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-29 | CVE-2022-28154 | XXE vulnerability in Jenkins Coverage/Complexity Scatter Plot. Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 |
2022-03-29 | CVE-2022-28155 | XXE vulnerability in Jenkins Pipeline: Phoenix Autotest. Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 |
2022-03-25 | CVE-2021-44477 | XXE vulnerability in GE Toolboxst 04.07.05C. GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. | 7.5 |
2022-03-25 | CVE-2021-43090 | XXE vulnerability in Predic8 SOA Model. An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function. | 9.8 |
2022-03-23 | CVE-2022-0861 | XXE vulnerability in Mcafee Epolicy Orchestrator. An XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. | 3.8 |
2022-03-20 | CVE-2021-42194 | XXE vulnerability in Eyoucms 1.5.4. The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability. | 7.2 |
2022-03-15 | CVE-2022-27193 | XXE vulnerability in Cvrf-Csaf-Converter Project Cvrf-Csaf-Converter 1.0.0. CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). | 5.5 |
2022-03-10 | CVE-2022-26661 | XXE vulnerability in multiple products. An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. | 6.5 |
2022-03-10 | CVE-2022-22795 | XXE vulnerability in Signiant Manager+Agents. Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine. An attacker can read all the system files; the product is running with root on Linux systems and nt/authority on Windows systems, which allows him to access and extract any file on the systems, such as passwd, shadow, hosts and so on. | 9.1 |
2022-03-10 | CVE-2022-22835 | XXE vulnerability in Overit Geocall 6.3. An issue was discovered in OverIT Geocall before version 8.0. | 6.5 |