Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-03 | CVE-2023-39472 | XXE vulnerability in Inductiveautomation Ignition: Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. | 6.5 |
2024-03-28 | CVE-2024-31139 | XXE vulnerability in Jetbrains Teamcity: In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector | 8.1 |
2024-03-14 | CVE-2023-50168 | XXE vulnerability in Pega Platform: Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. | 7.7 |
2024-02-22 | CVE-2024-25129 | XXE vulnerability in Github Codeql CLI: The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). | 5.5 |
2024-02-20 | CVE-2024-25606 | XXE vulnerability in Liferay Digital Experience Platform: XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method. | 8.7 |
2024-02-13 | CVE-2024-22024 | XXE vulnerability in Ivanti Connect Secure, Policy Secure and Zero Trust Access: An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | 8.3 |
2024-02-06 | CVE-2023-52239 | XXE vulnerability in Magicsoftware Magic XPI Integration Platform 4.13.4: The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport. | 6.5 |
2024-02-01 | CVE-2024-1167 | XXE vulnerability in Seweurodrive Movitools Motionstudio 6.5.0.2: When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur. | 7.5 |
2024-01-29 | CVE-2023-4554 | XXE vulnerability in Opentext Appbuilder 21.2: Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2. | 6.5 |
2024-01-24 | CVE-2024-21765 | XXE vulnerability in Cals-Ed products: Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support System Ver.4.0.31 and earlier improperly restrict XML external entity references (XXE). | 5.5 |