Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-12-30 | CVE-2020-26247 | XXE vulnerability in multiple products | Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. | 4.3 |
2020-12-21 | CVE-2020-35604 | XXE vulnerability in Kronos web Time and Attendance 5.0.4 | An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. | 9.8 |
2020-12-17 | CVE-2020-35123 | XXE vulnerability in Zimbra Collaboration | In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there is an XXE vulnerability in the SAML consumer store extension. | 6.5 |
2020-12-17 | CVE-2020-29436 | XXE vulnerability in Sonatype Nexus Repository Manager | Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. | 6.5 |
2020-12-07 | CVE-2020-26513 | XXE vulnerability in Intland Codebeamer 10.0.0/10.0.1/10.1.0 | An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. | 5.5 |
2020-12-03 | CVE-2020-25649 | XXE vulnerability in multiple products | A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. | 7.5 |
2020-12-03 | CVE-2020-2324 | XXE vulnerability in Jenkins CVS | Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 |
2020-11-23 | CVE-2020-26229 | XXE vulnerability in Typo3 | TYPO3 is an open source PHP based web content management system. | 3.7 |
2020-11-19 | CVE-2020-7572 | XXE vulnerability in Schneider-Electric Webreports 1.9/3.1 | A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, or server-side request forgery due to improper configuration of the XML parser. | 8.8 |
2020-11-13 | CVE-2020-7032 | XXE vulnerability in Avaya Aura System Manager and Weblm | An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 6.5 |