Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-04 | CVE-2020-12642 | XXE vulnerability in Reportportal Service-Api An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. | 7.5 |
| 2020-05-01 | CVE-2020-10683 | XXE vulnerability in multiple products dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. | 9.8 |
| 2020-04-16 | CVE-2020-2178 | XXE vulnerability in Jenkins Parasoft Findings Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2020-04-14 | CVE-2020-6238 | XXE vulnerability in SAP Commerce Cloud SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. | 9.3 |
| 2020-04-09 | CVE-2020-10629 | XXE vulnerability in Advantech Webaccess/Nms 2.0.3 WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. | 7.5 |
| 2020-04-07 | CVE-2019-4391 | XXE vulnerability in Hcltech Appscan 9.0.3.13/9.0.3.14 HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | 8.2 |
| 2020-04-06 | CVE-2020-11586 | XXE vulnerability in Cipplanner Cipace 6.80 An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 9.8 |
| 2020-03-27 | CVE-2020-10993 | XXE vulnerability in Osmand 2.0.0 Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java. | 9.1 |
| 2020-03-27 | CVE-2020-10992 | XXE vulnerability in Azkaban Project Azkaban Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. | 9.8 |
| 2020-03-27 | CVE-2020-10991 | XXE vulnerability in Mulesoft Aplkit Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java | 9.8 |