Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-1000548 XXE vulnerability in Umlet
Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery.
local
low complexity
umlet CWE-611
7.8
7.8
2018-06-26 CVE-2018-1000546 XXE vulnerability in Triplea-Game Triplea
Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution.
local
low complexity
triplea-game CWE-611
7.8
7.8
2018-06-26 CVE-2018-1000542 XXE vulnerability in Netbeans-Mmd-Plugin Project Netbeans-Mmd-Plugin 1.4.3
netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution.
local
low complexity
netbeans-mmd-plugin-project CWE-611
7.8
7.8
2018-06-26 CVE-2018-1000540 XXE vulnerability in Loboevolution Project Loboevolution
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery.
local
low complexity
loboevolution-project CWE-611
7.8
7.8
2018-06-26 CVE-2018-1000515 XXE vulnerability in News-Articles Project News-Articles 00.09.11
ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server..
network
low complexity
news-articles-project CWE-611
7.5
7.5
2018-06-14 CVE-2018-8819 XXE vulnerability in Carrier Automatedlogic Webctrl 6.0/6.1/6.5
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5.
network
low complexity
carrier CWE-611
7.5
7.5
2018-06-13 CVE-2018-5434 XXE vulnerability in Tibco Runtime Agent
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information.
network
low complexity
tibco CWE-611
6.5
6.5
2018-06-13 CVE-2018-5433 XXE vulnerability in Tibco Administrator
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information.
network
low complexity
tibco CWE-611
6.5
6.5
2018-06-11 CVE-2017-3208 XXE vulnerability in Themidnightcoders Weborb for Java 5.1.1.0
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages.
network
low complexity
themidnightcoders CWE-611
critical
 9.8
9.8
2018-06-11 CVE-2017-3206 XXE vulnerability in Exadel Flamingo 2.2.0
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages.
network
low complexity
exadel CWE-611
critical
 9.8
9.8