CWE:
 

|  | Title | Date | Author |
| --- | --- | --- | --- |
| High | SAP JAVA NetWeaver System Connections XML Injection | 23.10.2021 | Pablo Artuso |
| Med. | OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure | 02.07.2018 | Secator |
| High | Agorum Core Pro 7.8.1.4-251 XXE Injection | 14.04.2017 | Dr. Erlijn van Genucht... |
| High | USB Pratirodh XXE Injection | 17.03.2017 | Sachin Wagh |
| High | SAP NetWeaver 7.4 XXE Injection | 24.11.2015 | Roman Bezhan |
| High | Oracle E-Business Suite 12.1.3 XXE Injection | 30.10.2015 | erpscan |
| High | SAP Mobile Platform 3 XXE Injection | 10.09.2015 | Vahagn Vardanyan |
| High | Qlikview 11.20 SR4 Blind XXE Injection | 09.09.2015 | Alex Haynes |
| High | SAP NetWeaver Portal XMLValidationComponent XXE | 25.06.2015 | Vahagn Vardanyan |
| Med. | JobScheduler XML eXternal Entity Injection | 09.09.2014 | Christian Schneider |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2021-12-01
Medium
CVE-2021-42776

Vendor: Cloverdx
Software: Cloverdx
 

 
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import.

 
2021-11-22
Low
CVE-2021-44147

Vendor: Claris
Software: Filemaker pro
 

 
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.

 
2021-11-12
Low
CVE-2021-21701

Vendor: Jenkins
Software: Performance
 

 
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

 
Low
CVE-2021-43576

Vendor: Jenkins
Software: Pom2config
 

 
Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

 
Medium
CVE-2021-43577

Vendor: Jenkins
Software: Owasp depend...
 

 
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

 
2021-11-02
Medium
CVE-2021-36172

Vendor: Fortinet
Software: Fortiportal
 

 
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.

 
2021-11-01
Low
CVE-2021-20839

Vendor: Antennahouse
Software: Office serve...
 

 
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.

 
Medium
CVE-2021-20838

Vendor: Antennahouse
Software: Office serve...
 

 
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document.

 
2021-10-31
Medium
CVE-2020-26705

Vendor: PYPI
Software: Easyxml
 

 
The parseXML function in Easy-XML 0.5.0 was discovered to have an XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input.

 
Medium
CVE-2020-25911

Vendor: MODX
Software: Modx revolution
 

 
An XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).

 

 


Copyright 2021, cxsecurity.com

 
