Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-40507
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulne...
5.5
CVSSv3
CVE-2023-5136
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
Ni Topografix Data Plugin 2023
Ni Diadem 2015
Ni Diadem 2014
Ni Diadem 2019
Ni Diadem 2018
Ni Diadem 2017
Ni Diadem 2020
Ni Diadem 2021
Ni Diadem 2022
Ni Diadem 2023
Ni Veristand 2017
Ni Veristand 2016
Ni Veristand 2014
Ni Veristand 2015
Ni Veristand 2013
Ni Veristand 2018
Ni Veristand 2019
Ni Veristand 2020
Ni Veristand 2021
Ni Veristand 2023
Ni Flexlogger 2021
Ni Flexlogger 2018
NA
CVE-2023-39472
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is requ...
NA
CVE-2024-29010
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and previous versions versions.
8.8
CVSSv3
CVE-2022-21949
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote malicious users to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privil...
Opensuse Open Build Service
NA
CVE-2014-0644
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote malicious users to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by...
Emc Cloud Tiering Appliance Software 10.0
Emc Cloud Tiering Appliance -
1 EDB exploit
NA
CVE-2014-7177
XML External Entity vulnerability in Enalean Tuleap 7.2 and previous versions allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
Enalean Tuleap
1 EDB exploit
NA
CVE-2024-4357
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege malicious user to read systems file via XML External Entity Processing.
6.5
CVSSv3
CVE-2020-26981
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of special...
Siemens Jt2go
Siemens Teamcenter Visualization
NA
CVE-2013-4295
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote malicious users to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Apache Shindig 2.5.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »