Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-06-26 | CVE-2023-3113 | XXE vulnerability in Lenovo Xclarity Administrator | An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. | 7.5 |
2023-06-15 | CVE-2023-3276 | XXE vulnerability in Dromara Hutool | A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. | 7.5 |
2023-06-13 | CVE-2023-24470 | XXE vulnerability in Microfocus Arcsight Logger | Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. | 9.1 |
2023-06-13 | CVE-2023-29498 | XXE vulnerability in Fujielectric Frenic RHC Loader 1.1.0.3 | Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. | 5.5 |
2023-06-05 | CVE-2023-34411 | XXE vulnerability in XML Library Project XML Library | The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid `<!` token (such as `<!DOCTYPEs/%<!A` nesting) in an XML document. | 7.5 |
2023-06-01 | CVE-2023-32706 | XXE vulnerability in Splunk and Splunk Cloud Platform | On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon. | 6.5 |
2023-05-24 | CVE-2022-41221 | XXE vulnerability in Opentext Archive Center Administration | The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. | 7.1 |
2023-05-18 | CVE-2023-20173 | XXE vulnerability in Cisco Identity Services Engine | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. | 4.9 |
2023-05-18 | CVE-2023-20174 | XXE vulnerability in Cisco Identity Services Engine | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. | 4.9 |
2023-05-16 | CVE-2023-2161 | XXE vulnerability in Schneider-Electric OPC Factory Server | A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user. | 5.5 |