Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-12-30 | CVE-2019-19031 | XXE vulnerability in Edit-Xml Easy XML Editor 1.7.8 | Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. | network | low | edit-xml | CWE-611 | 8.1 |
| 2019-12-26 | CVE-2019-19998 | XXE vulnerability in Xiuno Xiunobbs 4.0 | Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. | network | low | xiuno | CWE-611 | 7.5 |
| 2019-12-18 | CVE-2012-2656 | XXE vulnerability in Talend Restlet 1.1.10 | An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information. | network | low | talend | CWE-611 | 7.5 |
| 2019-12-17 | CVE-2019-16549 | XXE vulnerability in Jenkins Maven 0.14.0/0.16.1 | Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents. | network | high | jenkins | CWE-611 | 8.1 |
| 2019-12-15 | CVE-2014-3643 | XXE vulnerability in Jersey Project Jersey | jersey: XXE via parameter entities not disabled by the jersey SAX parser | network | low | jersey-project | CWE-611 | 7.5 |
| 2019-12-10 | CVE-2019-19702 | XXE vulnerability in Modoboa Modoboa-Dmarc 1.1.0 | The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low | modoboa | CWE-611 | 7.5 |
| 2019-12-04 | CVE-2019-17554 | XXE vulnerability in Apache Olingo | The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. | local | low | apache | CWE-611 | 5.5 |
| 2019-11-26 | CVE-2011-3600 | XXE vulnerability in Apache Ofbiz | The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that disclose the contents of files in the filesystem. | network | low | apache | CWE-611 | 7.5 |
| 2019-11-19 | CVE-2019-10080 | XXE vulnerability in Apache Nifi | The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. | network | low | apache | CWE-611 | 6.5 |
| 2019-11-18 | CVE-2019-17085 | XXE vulnerability in Microfocus Operations Agent | XXE attack vulnerability on Micro Focus Operations Agent, affected versions 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. | network | low | microfocus | CWE-611 | 6.5 |