Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-08 | CVE-2020-6590 | XXE vulnerability in Forcepoint products Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. | 7.5 |
| 2021-04-06 | CVE-2021-22158 | XXE vulnerability in Proofpoint Insider Threat Management The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. | 7.2 |
| 2021-04-01 | CVE-2021-29421 | XXE vulnerability in multiple products models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. | 7.5 |
| 2021-03-30 | CVE-2021-20502 | XXE vulnerability in IBM products IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2021-03-30 | CVE-2021-20482 | XXE vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3 IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2021-03-26 | CVE-2021-1628 | XXE vulnerability in Salesforce Mule MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. | 9.8 |
| 2021-03-19 | CVE-2021-28110 | XXE vulnerability in Compassplus Tranzware E-Commerce Payment Gateway /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. | 7.5 |
| 2021-03-05 | CVE-2021-26969 | XXE vulnerability in Arubanetworks Airwave A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. | 6.5 |
| 2021-03-03 | CVE-2021-27931 | XXE vulnerability in Lumis Experience Platform LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. | 9.1 |
| 2021-03-01 | CVE-2021-26703 | XXE vulnerability in Eprints 3.4.2 EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI. | 9.8 |