Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2023-10-02 CVE-2023-42132 XXE vulnerability in Mhlw FD Application 9.01
FD Application Apr.
local
low complexity
mhlw CWE-611
5.5
2023-09-25 CVE-2022-4245 XXE vulnerability in multiple products
A flaw was found in codehaus-plexus.
network
low complexity
codehaus-plexus redhat CWE-611
4.3
2023-09-21 CVE-2023-38343 XXE vulnerability in Ivanti Endpoint Manager
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4.
network
low complexity
ivanti CWE-611
7.5
2023-09-19 CVE-2023-3892 XXE vulnerability in Mimsoftware Assistant and Client
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this document into specific 3rd party private RTst metadata tags, transfer the now compromised DICOM object to MIM, and force MIM to archive and load the data. Users on either version are strongly encouraged to update to an unaffected version (7.2.11+, 7.3.4+). This issue was found and analyzed by MIM Software's internal security team.  We are unaware of any proof of concept or actual exploit available in the wild. For more information, visit https://www.mimsoftware.com/cve-2023-3892 https://www.mimsoftware.com/cve-2023-3892 This issue affects MIM Assistant: 7.2.10, 7.3.3; MIM Client: 7.2.10, 7.3.3.
low complexity
mimsoftware CWE-611
7.4
2023-09-06 CVE-2023-41932 XXE vulnerability in Jenkins JOB Configuration History
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'.
network
low complexity
jenkins CWE-611
6.5
2023-09-06 CVE-2023-41933 XXE vulnerability in Jenkins JOB Configuration History
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
8.8
2023-09-05 CVE-2023-35892 XXE vulnerability in IBM Financial Transaction Manager 3.2.4
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2023-09-01 CVE-2023-40239 XXE vulnerability in Lexmark products
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure.
network
low complexity
lexmark CWE-611
7.5
2023-08-25 CVE-2023-24620 XXE vulnerability in Esotericsoftware Yamlbeans
An issue was discovered in Esoteric YamlBeans through 1.15.
local
low complexity
esotericsoftware CWE-611
5.5
2023-08-22 CVE-2022-48565 XXE vulnerability in multiple products
An XML External Entity (XXE) issue was discovered in Python through 3.9.1.
network
low complexity
python debian CWE-611
critical
9.8