Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-08-11 | CVE-2023-0871 | XXE vulnerability in OpenNMS Horizon and Meridian | The /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used, for instance, to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. | 6.1 |
2023-08-11 | CVE-2023-3823 | XXE vulnerability in multiple products | In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. | 7.5 |
2023-08-10 | CVE-2023-32567 | XXE vulnerability in Ivanti Avalanche | Ivanti Avalanche decodeToMap XML External Entity Processing. | 9.8 |
2023-08-04 | CVE-2020-26064 | XXE vulnerability in Cisco Catalyst SD-WAN Manager | A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. | 8.1 |
2023-08-03 | CVE-2023-30951 | XXE vulnerability in Palantir Magritte-Rest-Source-Bundle | The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack. | 6.5 |
2023-08-03 | CVE-2023-37497 | XXE vulnerability in HCLTech Unica | The Unica application exposes an API which accepts arbitrary XML input. | 8.8 |
2023-08-03 | CVE-2023-37364 | XXE vulnerability in WS-Inc J WBEM 4.0.0 | In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. | 9.1 |
2023-07-25 | CVE-2023-32639 | XXE vulnerability in MOJ Applicant Programme 7.06 | Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). | 5.5 |
2023-07-19 | CVE-2023-32635 | XXE vulnerability in EDINET-FSA XBRL Data Create 7.0 | XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). | 5.5 |
2023-07-12 | CVE-2023-37942 | XXE vulnerability in Jenkins External Monitor Job Type | Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |