Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-01 | CVE-2024-1167 | XXE vulnerability in Seweurodrive Movitools Motionstudio 6.5.0.2: When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information, unrestricted file access can occur. | 7.5 |
2024-01-29 | CVE-2023-4554 | XXE vulnerability in Opentext Appbuilder 21.2: Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows and Linux allows Server Side Request Forgery and Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery and disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2. | 6.5 |
2024-01-24 | CVE-2024-21765 | XXE vulnerability in Cals-Ed products: Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support System Ver.4.0.31 and earlier improperly restrict XML external entity references (XXE). | 5.5 |
2024-01-24 | CVE-2024-21796 | XXE vulnerability in Dfeg Electronic Deliverables Creation Support Tool: Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). | 5.5 |
2024-01-24 | CVE-2024-22380 | XXE vulnerability in Maff Electronic Delivery Check System 14.0.001.002: Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). | 5.5 |
2024-01-18 | CVE-2024-23525 | XXE vulnerability in Tozt Spreadsheet::Parsexlsx: The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig. | 6.5 |
2024-01-09 | CVE-2023-6149 | XXE vulnerability in Qualys web Application Screening: Qualys Jenkins Plugin for WAS version 2.0.11 and earlier was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. | 6.5 |
2024-01-09 | CVE-2023-6147 | XXE vulnerability in Qualys Policy Compliance 1.0.5: Qualys Jenkins Plugin for Policy Compliance version 1.0.5 and earlier was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. | 6.5 |
2024-01-09 | CVE-2023-26999 | XXE vulnerability in Netscout Ngeniusone 6.3.4: An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. | 9.8 |
2023-12-30 | CVE-2023-52252 | XXE vulnerability in Unifiedremote Unified Remote 3.13.0: Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. | 9.8 |