Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-07-13 | CVE-2016-9487 | XXE vulnerability in W3 Epubcheck 4.0.1 | EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. | 7.8 |
2018-07-12 | CVE-2018-12463 | XXE vulnerability in HP Fortify Software Security Center 17.1/17.2/18.1 | An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), versions 17.1, 17.2 and 18.1, allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 9.8 |
2018-07-09 | CVE-2018-1000616 | XXE vulnerability in Onosproject Onos | ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in an adversary remotely launching XXE attacks on the ONOS controller via an OpenConfig Terminal Device. | 9.8 |
2018-07-09 | CVE-2018-1000614 | XXE vulnerability in Onosproject Onos | ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in an adversary remotely launching advanced XXE attacks on the ONOS controller without authentication. | 9.8 |
2018-07-08 | CVE-2018-13439 | XXE vulnerability in Tencent Wechat PAY | WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL. | 7.5 |
2018-07-06 | CVE-2018-1542 | XXE vulnerability in IBM Content Foundation and Filenet Content Manager | IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2018-07-05 | CVE-2018-8026 | XXE vulnerability in multiple products | This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). | 5.5 |
2018-07-03 | CVE-2018-11640 | XXE vulnerability in Dialogic Powermedia XMS 3.5 | XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption). | 9.1 |
2018-07-03 | CVE-2018-7783 | XXE vulnerability in Schneider-Electric Somachine Basic | Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. | 7.5 |
2018-06-27 | CVE-2017-7465 | XXE vulnerability in Redhat Jboss Enterprise Application Platform 7.0.0 | It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. | 9.8 |