Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2019-10-31 | CVE-2019-18227 | XXE vulnerability in Advantech Wise-Paas/Rmm 3.3.29 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. | 7.5 |
| 2019-10-29 | CVE-2019-9757 | XXE vulnerability in Labkey Server 19.1.0 | An issue was discovered in LabKey Server 19.1.0. | 7.5 |
| 2019-10-28 | CVE-2017-15725 | XXE vulnerability in Devada Dzone Answerhub | An XML External Entity Injection vulnerability exists in Dzone AnswerHub. | 7.5 |
| 2019-10-25 | CVE-2019-8087 | XXE vulnerability in Adobe Experience Manager | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. | 7.5 |
| 2019-10-25 | CVE-2019-8086 | XXE vulnerability in Adobe Experience Manager | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. | 7.5 |
| 2019-10-25 | CVE-2019-8082 | XXE vulnerability in Adobe Experience Manager 6.2/6.3/6.4 | Adobe Experience Manager versions 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. | 7.5 |
| 2019-10-23 | CVE-2019-18213 | XXE vulnerability in multiple products | XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). | 8.8 |
| 2019-10-23 | CVE-2019-12415 | XXE vulnerability in multiple products | In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. | 5.5 |
| 2019-10-23 | CVE-2019-10466 | XXE vulnerability in Jenkins 360 Fireline | An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. | 8.1 |
| 2019-10-23 | CVE-2019-14276 | XXE vulnerability in Xnat 1.7.5.3 | WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. | 6.5 |