Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-30 | CVE-2020-28736 | XXE vulnerability in Plone: Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | 8.8 |
2020-12-30 | CVE-2020-28734 | XXE vulnerability in Plone: Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | 8.8 |
2020-12-30 | CVE-2020-26247 | XXE vulnerability in multiple products: Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. | 4.3 |
2020-12-21 | CVE-2020-35604 | XXE vulnerability in Kronos web Time and Attendance 5.0.4: An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. | 9.8 |
2020-12-17 | CVE-2020-35123 | XXE vulnerability in Zimbra Collaboration: In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. | 6.5 |
2020-12-17 | CVE-2020-29436 | XXE vulnerability in Sonatype Nexus Repository Manager: Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. | 6.5 |
2020-12-07 | CVE-2020-26513 | XXE vulnerability in Intland Codebeamer 10.0.0/10.0.1/10.1.0: An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. | 5.5 |
2020-12-03 | CVE-2020-25649 | XXE vulnerability in multiple products: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. | 7.5 |
2020-12-03 | CVE-2020-2324 | XXE vulnerability in Jenkins CVS: Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 |
2020-11-13 | CVE-2020-7032 | XXE vulnerability in Avaya Aura System Manager and Weblm: An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 6.5 |