Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-23 | CVE-2019-18213 | XXE vulnerability in multiple products XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). | 8.8 |
| 2019-10-23 | CVE-2019-12415 | XXE vulnerability in multiple products In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. | 5.5 |
| 2019-10-23 | CVE-2019-10466 | XXE vulnerability in Jenkins 360 Fireline An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. | 8.1 |
| 2019-10-23 | CVE-2019-14276 | XXE vulnerability in Xnat 1.7.5.3 WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. | 6.5 |
| 2019-10-10 | CVE-2019-1060 | XXE vulnerability in Microsoft products A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | 8.8 |
| 2019-10-02 | CVE-2019-12711 | XXE vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. | 6.5 |
| 2019-09-25 | CVE-2019-16188 | XXE vulnerability in Hcltech Appscan Source HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. | 7.1 |
| 2019-09-11 | CVE-2019-9488 | XXE vulnerability in Trendmicro Deep Security Manager and vulnerability Protection Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. | 4.9 |
| 2019-09-09 | CVE-2019-16174 | XXE vulnerability in Limesurvey An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. | 8.8 |
| 2019-09-03 | CVE-2019-6179 | XXE vulnerability in Lenovo Xclarity Administrator and Xclarity Integrator An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. | 7.5 |