CWE:
 

Topic
Date
Author
Med.
OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure
02.07.2018
Secator
High
Agorum Core Pro 7.8.1.4-251 XXE Injection
14.04.2017
Dr. Erlijn van Genucht...
High
USB Pratirodh XXE Injection
17.03.2017
Sachin Wagh
High
SAP NetWeaver 7.4 XXE Injection
24.11.2015
Roman Bezhan
High
Oracle E-Business Suite 12.1.3 XXE Injection
30.10.2015
erpscan
High
SAP Mobile Platform 3 XXE Injection
10.09.2015
Vahagn Vardanyan
High
Qlikview 11.20 SR4 Blind XXE Injection
09.09.2015
Alex Haynes
High
SAP NetWeaver Portal XMLValidationComponent XXE
25.06.2015
Vahagn Vardanyan
Med.
JobScheduler XML eXternal Entity Injection
09.09.2014
Christian Schneider


CVEMAP Search Results

CVE
Details
Description
2019-05-14
Medium
CVE-2018-8940

Vendor: Enghouse
Software: Contact center
 

 
ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load and parse the malicious XML file, aka an XXE issue.

 
2019-05-08
Medium
CVE-2019-7442

Vendor: Cyberark
Software: Enterprise p...
 

 
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.

 
2019-05-07
Medium
CVE-2019-4208

Vendor: IBM
Software: Tririga appl...
 

 
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129.

 
Medium
CVE-2018-14485

Vendor: Blogengine
Software: Blogengine.net
 

 
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.

 
2019-05-02
Medium
CVE-2019-11677

Vendor: Zohocorp
Software: Manageengine...
 

 
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.

 
2019-04-30
Medium
CVE-2019-10309

Vendor: Jenkins
Software: Self-organiz...
 

 
Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients.

 
2019-04-25
Low
CVE-2019-11519

Vendor: Nopcommerce
Software: Nopcommerce
 

 
Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file" screen.

 
2019-04-23
Low
CVE-2018-17169

Vendor: Printeron
Software: Printeron
 

 
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

 
2019-04-18
Low
CVE-2018-17289

Vendor: Kofax
Software: Front office...
 

 
An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter.

 
Medium
CVE-2019-8999

Vendor: Blackberry
Software: Unified endp...
 

 
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top