Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-19 | CVE-2023-46265 | XXE vulnerability in Ivanti Avalanche An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | 9.8 |
| 2023-12-15 | CVE-2023-6836 | XXE vulnerability in Wso2 products Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. | 7.5 |
| 2023-12-11 | CVE-2023-6194 | XXE vulnerability in Eclipse Memory Analyzer In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition. | 7.1 |
| 2023-11-29 | CVE-2023-49656 | XXE vulnerability in Jenkins Matlab 2.11.0 Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2023-11-09 | CVE-2023-4218 | XXE vulnerability in Eclipse IDE In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. | 5.0 |
| 2023-11-06 | CVE-2023-46802 | XXE vulnerability in NTA E-Tax 1.17.1 e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. | 5.5 |
| 2023-10-30 | CVE-2023-46502 | XXE vulnerability in Opencrx 5.2.2 An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. | 9.8 |
| 2023-10-27 | CVE-2022-34832 | XXE vulnerability in Vermeg Agile Reporter 21.3 An issue was discovered in VERMEG AgileReporter 21.3. | 6.5 |
| 2023-10-23 | CVE-2023-43067 | XXE vulnerability in Dell products Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. | 6.5 |
| 2023-10-23 | CVE-2023-43624 | XXE vulnerability in Omrom Cx-Designer CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. | 5.5 |