Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-12 | CVE-2020-4772 | XXE vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 5.5 |
| 2020-10-02 | CVE-2020-15232 | XXE vulnerability in Mapfish Print In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style. | 6.4 |
| 2020-10-01 | CVE-2020-13940 | XXE vulnerability in Apache Nifi In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. | 4.3 |
| 2020-09-30 | CVE-2020-8256 | XXE vulnerability in multiple products A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability. | 4.9 |
| 2020-09-30 | CVE-2020-21524 | XXE vulnerability in Halo 1.1.3 There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read files, enable ddos attacks, etc. | 6.4 |
| 2020-09-23 | CVE-2020-2284 | XXE vulnerability in Jenkins Liquibase Runner Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2020-09-21 | CVE-2020-4643 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.0 |
| 2020-09-18 | CVE-2020-14029 | XXE vulnerability in Ozeki NG SMS Gateway An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. | 5.0 |
| 2020-09-18 | CVE-2020-25750 | XXE vulnerability in Dotplant Dotplant2 An issue was discovered in DotPlant2 before 2020-09-14. | 7.5 |
| 2020-09-17 | CVE-2020-25215 | XXE vulnerability in Yworks YED yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. | 9.8 |