Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-08 | CVE-2020-12719 | XXE vulnerability in WSO2 products: XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier. | 6.5 |
2020-05-06 | CVE-2020-3256 | XXE vulnerability in Cisco Hosted Collaboration Mediation Fulfillment: A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. | 4.0 |
2020-05-04 | CVE-2020-12642 | XXE vulnerability in Reportportal Service-Api: An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. | 5.0 |
2020-05-01 | CVE-2020-10683 | XXE vulnerability in multiple products: dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. | 9.8 |
2020-04-17 | CVE-2020-11885 | XXE vulnerability in WSO2 Enterprise Integrator: WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file. | 6.5 |
2020-04-16 | CVE-2020-2178 | XXE vulnerability in Jenkins Parasoft Findings: Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
2020-04-14 | CVE-2020-6238 | XXE vulnerability in SAP Commerce Cloud: SAP Commerce, versions 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. | 9.3 |
2020-04-09 | CVE-2020-10629 | XXE vulnerability in Advantech WebAccess/NMS: WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. | 5.0 |
2020-04-07 | CVE-2019-4391 | XXE vulnerability in Hcltech AppScan 9.0.3.13/9.0.3.14: HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2020-04-06 | CVE-2020-11586 | XXE vulnerability in CIPPlanner CIPAce 6.80: An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 7.5 |