Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-12 | CVE-2021-43577 | XXE vulnerability in Jenkins Owasp Dependency-Check Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2021-11-02 | CVE-2021-36172 | XXE vulnerability in Fortinet Fortiportal An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents. | 8.1 |
| 2021-11-01 | CVE-2021-20838 | XXE vulnerability in Antennahouse Office Server Document Converter Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document. | 7.5 |
| 2021-11-01 | CVE-2021-20839 | XXE vulnerability in Antennahouse Office Server Document Converter Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document. | 6.5 |
| 2021-10-31 | CVE-2020-26705 | XXE vulnerability in Easyxml Project Easyxml 0.5.0 The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input. | 9.1 |
| 2021-10-31 | CVE-2020-25911 | XXE vulnerability in Modx Revolution 2.7.3 A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS). | 9.1 |
| 2021-10-31 | CVE-2020-25912 | XXE vulnerability in Getsymphony Symphony 2.7.10 A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS). | 9.1 |
| 2021-10-19 | CVE-2021-3869 | XXE vulnerability in Stanford Corenlp corenlp is vulnerable to Improper Restriction of XML External Entity Reference | 7.5 |
| 2021-10-15 | CVE-2021-3878 | XXE vulnerability in Stanford Corenlp corenlp is vulnerable to Improper Restriction of XML External Entity Reference | 9.8 |
| 2021-10-14 | CVE-2020-19954 | XXE vulnerability in S-Cms 3.0 An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files. | 7.5 |