Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2019-11-18 CVE-2018-20687 XXE vulnerability in Raritan Commandcenter Secure Gateway
An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
network
low complexity
raritan CWE-611
critical
 9.8
9.8
2019-11-14 CVE-2019-14678 XXE vulnerability in SAS Base SAS and XML Mapper
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways.
network
low complexity
sas CWE-611
critical
 10.0
10
2019-11-12 CVE-2014-3599 XXE vulnerability in Redhat Hornetq
HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy
network
low complexity
redhat CWE-611
6.5
6.5
2019-11-07 CVE-2019-12331 XXE vulnerability in PHPoffice PHPspreadsheet
PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue.
network
low complexity
phpoffice CWE-611
8.8
8.8
2019-11-05 CVE-2019-8126 XXE vulnerability in Magento
An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-611
4.9
4.9
2019-10-31 CVE-2019-18227 XXE vulnerability in Advantech Wise-Paas/Rmm 3.3.29
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior.
network
low complexity
advantech CWE-611
7.5
7.5
2019-10-29 CVE-2019-9757 XXE vulnerability in Labkey Server 19.1.0
An issue was discovered in LabKey Server 19.1.0.
network
low complexity
labkey CWE-611
7.5
7.5
2019-10-28 CVE-2017-15725 XXE vulnerability in Devada Dzone Answerhub
An XML External Entity Injection vulnerability exists in Dzone AnswerHub.
network
low complexity
devada CWE-611
7.5
7.5
2019-10-25 CVE-2019-8087 XXE vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability.
network
low complexity
adobe CWE-611
7.5
7.5
2019-10-25 CVE-2019-8086 XXE vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability.
network
low complexity
adobe CWE-611
7.5
7.5