Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2022-03-30 CVE-2021-43142 XXE vulnerability in JOX Project JOX 1.16
An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput.
network
low complexity
jox-project CWE-611
critical
9.8
2022-03-29 CVE-2022-28140 XXE vulnerability in Jenkins Flaky Test Handler
Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
8.1
2022-03-29 CVE-2022-28154 XXE vulnerability in Jenkins Coverage/Complexity Scatter Plot
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
8.1
2022-03-29 CVE-2022-28155 XXE vulnerability in Jenkins Pipeline: Phoenix AutoTest
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
8.1
2022-03-25 CVE-2021-44477 XXE vulnerability in GE ToolBoxST 04.07.05C
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack.
network
low complexity
ge CWE-611
7.5
2022-03-25 CVE-2021-43090 XXE vulnerability in Predic8 SOA Model
An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function.
network
low complexity
predic8 CWE-611
critical
9.8
2022-03-23 CVE-2022-0861 XXE vulnerability in McAfee ePolicy Orchestrator
An XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality.
network
low complexity
mcafee CWE-611
3.8
2022-03-20 CVE-2021-42194 XXE vulnerability in Eyoucms 1.5.4
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability.
network
low complexity
eyoucms CWE-611
7.2
2022-03-15 CVE-2022-27193 XXE vulnerability in Cvrf-Csaf-Converter Project Cvrf-Csaf-Converter 1.0.0
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE).
local
low complexity
cvrf-csaf-converter-project CWE-611
5.5
2022-03-10 CVE-2022-26661 XXE vulnerability in multiple products
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1.
network
low complexity
tryton debian CWE-611
6.5