Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2024-01-24 CVE-2024-21796 XXE vulnerability in Dfeg Electronic Deliverables Creation Support Tool
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE).
local
low complexity
dfeg CWE-611
5.5
2024-01-24 CVE-2024-22380 XXE vulnerability in Maff Electronic Delivery Check System 14.0.001.002
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE).
local
low complexity
maff CWE-611
5.5
2024-01-18 CVE-2024-23525 XXE vulnerability in Tozt Spreadsheet::ParseXLSX
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
network
low complexity
tozt CWE-611
6.5
2024-01-09 CVE-2023-6149 XXE vulnerability in Qualys Web Application Screening
Qualys Jenkins Plugin for WAS up to and including version 2.0.11 was identified to be affected by a security flaw: a permission check was missing while performing a connectivity check to Qualys Cloud Services.
network
low complexity
qualys CWE-611
6.5
2024-01-09 CVE-2023-6147 XXE vulnerability in Qualys Policy Compliance 1.0.5
Qualys Jenkins Plugin for Policy Compliance up to and including version 1.0.5 was identified to be affected by a security flaw: a permission check was missing while performing a connectivity check to Qualys Cloud Services.
network
low complexity
qualys CWE-611
6.5
2024-01-09 CVE-2023-26999 XXE vulnerability in NetScout nGeniusOne 6.3.4
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.
network
low complexity
netscout CWE-611
critical
9.8
2023-12-30 CVE-2023-52252 XXE vulnerability in Unifiedremote Unified Remote 3.13.0
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
network
low complexity
unifiedremote CWE-611
critical
9.8
2023-12-19 CVE-2023-46265 XXE vulnerability in Ivanti Avalanche
An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
network
low complexity
ivanti CWE-611
critical
9.8
2023-12-15 CVE-2023-6836 XXE vulnerability in WSO2 products
Multiple WSO2 products have been identified as vulnerable to an XML External Entity (XXE) attack, which abuses a widely available but rarely used feature of XML parsers to access sensitive information.
network
low complexity
wso2 CWE-611
7.5
2023-12-11 CVE-2023-6194 XXE vulnerability in Eclipse Memory Analyzer
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report, then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.
local
low complexity
eclipse CWE-611
7.1