Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-26	CVE-2017-7545	XXE vulnerability in Redhat Decision Manager, Jboss BPM Suite and Jbpm It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. network low complexity redhat CWE-611	6.5
2018-07-24	CVE-2018-10600	XXE vulnerability in Selinc Acselerator Architect 2.2.24.0 SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. network low complexity selinc CWE-611 critical	9.8
2018-07-20	CVE-2014-2296	XXE vulnerability in Apereo CAS Server XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data. network low complexity apereo CWE-611	8.8
2018-07-15	CVE-2018-14065	XXE vulnerability in PHPoffice Project Common XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. network low complexity phpoffice-project CWE-611 critical	9.8
2018-07-13	CVE-2016-9487	XXE vulnerability in W3 Epubcheck 4.0.1 EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. local low complexity w3 CWE-611	7.8
2018-07-12	CVE-2018-12463	XXE vulnerability in HP Fortify Software Security Center 17.1/17.2/18.1 An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. network low complexity hp CWE-611 critical	9.8
2018-07-09	CVE-2018-1000616	XXE vulnerability in Onosproject Onos ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. network low complexity onosproject CWE-611 critical	9.8
2018-07-09	CVE-2018-1000614	XXE vulnerability in Onosproject Onos ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. network low complexity onosproject CWE-611 critical	9.8
2018-07-08	CVE-2018-13439	XXE vulnerability in Tencent Wechat PAY WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL. network low complexity tencent CWE-611	7.5
2018-07-06	CVE-2018-1542	XXE vulnerability in IBM Content Foundation and Filenet Content Manager IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. network low complexity ibm CWE-611	7.1