Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-04-09 | CVE-2020-10629 | XXE vulnerability in Advantech Webaccess/Nms 2.0.3 | WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. | network | low | advantech | CWE-611 | 7.5 |
| 2020-04-07 | CVE-2019-4391 | XXE vulnerability in Hcltech Appscan 9.0.3.13/9.0.3.14 | HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data. | network | low | hcltech | CWE-611 | 8.2 |
| 2020-04-06 | CVE-2020-11586 | XXE vulnerability in Cipplanner Cipace 6.80 | An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | network | low | cipplanner | CWE-611 | critical 9.8 |
| 2020-03-27 | CVE-2020-10993 | XXE vulnerability in Osmand 2.0.0 | Osmand through 2.0.0 allows XXE because of binary/BinaryMapIndexReader.java. | network | low | osmand | CWE-611 | critical 9.1 |
| 2020-03-27 | CVE-2020-10992 | XXE vulnerability in Azkaban Project Azkaban | Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. | network | low | azkaban-project | CWE-611 | critical 9.8 |
| 2020-03-27 | CVE-2020-10991 | XXE vulnerability in Mulesoft Apikit | Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java. | network | low | mulesoft | CWE-611 | critical 9.8 |
| 2020-03-27 | CVE-2020-10990 | XXE vulnerability in Accenture Mercury | An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. | network | low | accenture | CWE-611 | critical 9.8 |
| 2020-03-25 | CVE-2020-2171 | XXE vulnerability in Jenkins Rapiddeploy | Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | network | low | jenkins | CWE-611 | 8.8 |
| 2020-03-23 | CVE-2019-20627 | XXE vulnerability in Rbsoft Autoupdater.Net | AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. | network | low | rbsoft | CWE-611 | critical 9.8 |
| 2020-03-20 | CVE-2020-10799 | XXE vulnerability in Svglib Project Svglib | The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. | network | low | svglib-project | CWE-611 | critical 9.8 |