Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-19 | CVE-2021-3869 | XXE vulnerability in Stanford Corenlp corenlp is vulnerable to Improper Restriction of XML External Entity Reference | 7.5 |
| 2021-10-15 | CVE-2021-3878 | XXE vulnerability in Stanford Corenlp corenlp is vulnerable to Improper Restriction of XML External Entity Reference | 9.8 |
| 2021-10-14 | CVE-2020-19954 | XXE vulnerability in S-Cms 3.0 An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files. | 7.5 |
| 2021-10-13 | CVE-2021-20801 | XXE vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9 Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. | 6.5 |
| 2021-10-12 | CVE-2021-35496 | XXE vulnerability in Tibco Jasperreports Server The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. | 7.5 |
| 2021-10-08 | CVE-2021-3312 | XXE vulnerability in Alkacon Opencms 11.0/11.0.1/11.0.2 An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document. | 6.5 |
| 2021-10-07 | CVE-2021-38298 | XXE vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. | 9.8 |
| 2021-10-07 | CVE-2021-40439 | XXE vulnerability in Apache Openoffice Apache OpenOffice has a dependency on expat software. | 6.5 |
| 2021-10-07 | CVE-2021-41770 | XXE vulnerability in Pingidentity Pingfederate Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. | 7.5 |
| 2021-10-06 | CVE-2021-34706 | XXE vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. | 5.4 |