Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2023-08-11 CVE-2023-0871 XXE vulnerability in OpenNMS Horizon and Meridian
The /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used, for instance, to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer.
low complexity
opennms CWE-611
6.1
2023-08-11 CVE-2023-3823 XXE vulnerability in multiple products
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded.
network
low complexity
php fedoraproject debian CWE-611
7.5
2023-08-10 CVE-2023-32567 XXE vulnerability in Ivanti Avalanche
Ivanti Avalanche decodeToMap XML External Entity Processing.
network
low complexity
ivanti CWE-611
critical
9.8
2023-08-04 CVE-2020-26064 XXE vulnerability in Cisco Catalyst SD-WAN Manager
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files.
network
low complexity
cisco CWE-611
8.1
2023-08-03 CVE-2023-30951 XXE vulnerability in Palantir Magritte-Rest-Source-Bundle
The Foundry Magritte plugin rest-source was found to be vulnerable to an XML external entity (XXE) attack.
network
low complexity
palantir CWE-611
6.5
2023-08-03 CVE-2023-37497 XXE vulnerability in HCLTech Unica
The Unica application exposes an API which accepts arbitrary XML input.
network
low complexity
hcltech CWE-611
8.8
2023-08-03 CVE-2023-37364 XXE vulnerability in WS-Inc J WBEM 4.0.0
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution.
network
low complexity
ws-inc CWE-611
critical
9.1
2023-07-25 CVE-2023-32639 XXE vulnerability in MOJ Applicant Programme 7.06
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE).
local
low complexity
moj CWE-611
5.5
2023-07-19 CVE-2023-32635 XXE vulnerability in EDINET-FSA XBRL Data Create 7.0
XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE).
local
low complexity
edinet-fsa CWE-611
5.5
2023-07-12 CVE-2023-37942 XXE vulnerability in Jenkins External Monitor Job Type
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
6.5