Vulnerabilities: Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-44557 XXE vulnerability in KB Multiner
National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is affected by an XML External Entity (XXE) vulnerability in multiNER/ner.py.
network
low complexity
kb CWE-611
6.4
2021-12-01 CVE-2021-42776 XXE vulnerability in Cloverdx
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import.
network
low complexity
cloverdx CWE-611
6.8
2021-11-22 CVE-2021-44147 XXE vulnerability in Claris Filemaker PRO and Filemaker Server
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.
network
claris CWE-611
4.3
2021-11-12 CVE-2021-21701 XXE vulnerability in Jenkins Performance 3.20
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
6.5
2021-11-12 CVE-2021-43576 XXE vulnerability in Jenkins Pom2Config 1.2
Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
network
low complexity
jenkins CWE-611
6.5
2021-11-12 CVE-2021-43577 XXE vulnerability in Jenkins Owasp Dependency-Check
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
7.1
2021-11-02 CVE-2021-36172 XXE vulnerability in Fortinet Fortiportal
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.
network
low complexity
fortinet CWE-611
6.4
2021-11-01 CVE-2021-20838 XXE vulnerability in Antennahouse Office Server Document Converter
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document.
network
low complexity
antennahouse CWE-611
5.0
2021-11-01 CVE-2021-20839 XXE vulnerability in Antennahouse Office Server Document Converter
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.
4.3
2021-10-31 CVE-2020-26705 XXE vulnerability in Easyxml Project Easyxml 0.5.0
The parseXML function in Easy-XML 0.5.0 was discovered to have an XML External Entity (XXE) vulnerability which allows an attacker to expose sensitive data or perform a denial of service (DoS) via a crafted external entity entered into the XML content as input.
network
low complexity
easyxml-project CWE-611
critical
9.1