Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-27 | CVE-2022-34832 | XXE vulnerability in Vermeg Agile Reporter 21.3: An issue was discovered in VERMEG AgileReporter 21.3. | 6.5 |
2023-10-23 | CVE-2023-43067 | XXE vulnerability in Dell products: Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. | 6.5 |
2023-10-23 | CVE-2023-43624 | XXE vulnerability in Omron Cx-Designer: CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. | 5.5 |
2023-10-18 | CVE-2023-45727 | XXE vulnerability in Northgrid Proself: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. | 7.5 |
2023-10-14 | CVE-2022-32755 | XXE vulnerability in IBM products: IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2023-10-09 | CVE-2023-45612 | XXE vulnerability in Jetbrains Ktor: In JetBrains Ktor before 2.3.5, the default configuration of ContentNegotiation with XML format was vulnerable to XXE. | 9.8 |
2023-10-02 | CVE-2023-42132 | XXE vulnerability in Mhlw FD Application 9.01: FD Application Apr. | 5.5 |
2023-09-25 | CVE-2022-4245 | XXE vulnerability in multiple products: A flaw was found in codehaus-plexus. | 4.3 |
2023-09-21 | CVE-2023-38343 | XXE vulnerability in Ivanti Endpoint Manager: An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. | 7.5 |
2023-09-19 | CVE-2023-3892 | XXE vulnerability in Mimsoftware Assistant and Client: Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this document into specific 3rd party private RTst metadata tags, transfer the now compromised DICOM object to MIM, and force MIM to archive and load the data. Users on either version are strongly encouraged to update to an unaffected version (7.2.11+, 7.3.4+). This issue was found and analyzed by MIM Software's internal security team. We are unaware of any proof of concept or actual exploit available in the wild. For more information, visit https://www.mimsoftware.com/cve-2023-3892 This issue affects MIM Assistant: 7.2.10, 7.3.3; MIM Client: 7.2.10, 7.3.3. | 7.4 |