Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-30 | CVE-2021-21672 | XXE vulnerability in Jenkins Selenium Html Report Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 4.3 |
| 2021-06-30 | CVE-2021-25951 | XXE vulnerability in Xml2Dict Project Xml2Dict 0.2.2 XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. | 5.0 |
| 2021-06-29 | CVE-2021-22338 | XXE vulnerability in Huawei Ecns280 Firmware V100R005C00/V100R005C10 There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. | 5.0 |
| 2021-06-23 | CVE-2021-29620 | XXE vulnerability in Reportportal Service-Api Report portal is an open source reporting and analysis framework. | 5.0 |
| 2021-06-21 | CVE-2021-35066 | XXE vulnerability in Connectwise Automate An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. | 7.5 |
| 2021-06-21 | CVE-2021-28684 | XXE vulnerability in Powerarchiver The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack). | 4.3 |
| 2021-06-16 | CVE-2021-33813 | XXE vulnerability in multiple products An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | 7.5 |
| 2021-06-11 | CVE-2020-5003 | XXE vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2021-06-09 | CVE-2021-27635 | XXE vulnerability in SAP Netweaver Application Server for Java SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise confidentiality by allowing them to read any file on the filesystem or fully compromise availability by causing the system to crash. | 5.5 |
| 2021-06-08 | CVE-2020-25817 | XXE vulnerability in Silverstripe SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. | 3.5 |