Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-49733 XXE vulnerability in Apache Cocoon 2.2.0
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
network
low complexity
apache CWE-611
critical
 9.8
9.8
2023-11-29 CVE-2023-49656 XXE vulnerability in Jenkins Matlab
Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
 9.8
9.8
2023-11-17 CVE-2023-22274 XXE vulnerability in Adobe Robohelp Server
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker.
network
low complexity
adobe CWE-611
7.5
7.5
2023-11-14 CVE-2023-46590 XXE vulnerability in Siemens OPC UA Modeling Editor
A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8).
network
low complexity
siemens CWE-611
7.5
7.5
2023-11-09 CVE-2023-4218 XXE vulnerability in Eclipse IDE
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks.
local
low complexity
eclipse CWE-611
5.0
5.0
2023-11-06 CVE-2023-46802 XXE vulnerability in NTA E-Tax 1.17.1
e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser.
local
low complexity
nta CWE-611
5.5
5.5
2023-10-30 CVE-2023-46502 XXE vulnerability in Opencrx 5.2.2
An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.
network
low complexity
opencrx CWE-611
critical
 9.8
9.8
2023-10-27 CVE-2022-34832 XXE vulnerability in Vermeg Agile Reporter 21.3
An issue was discovered in VERMEG AgileReporter 21.3.
network
low complexity
vermeg CWE-611
6.5
6.5
2023-10-23 CVE-2023-43067 XXE vulnerability in Dell products
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability.
network
low complexity
dell CWE-611
6.5
6.5
2023-10-23 CVE-2023-43624 XXE vulnerability in Omrom Cx-Designer
CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability.
local
low complexity
omrom CWE-611
5.5
5.5