Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xxe vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-17085
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.
Microfocus Operations Agent 12.01
Microfocus Operations Agent 12.02
Microfocus Operations Agent 12.03
Microfocus Operations Agent 12.04
Microfocus Operations Agent 12.05
Microfocus Operations Agent 12.06
Microfocus Operations Agent 12.10
Microfocus Operations Agent 12.11
Microfocus Operations Agent 12.0
9.8
CVSSv3
CVE-2018-8027
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
Apache Camel 2.21.0
Apache Camel
9.8
CVSSv3
CVE-2018-6486
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
Microfocus Fortify Audit Workbench 16.10
Microfocus Fortify Audit Workbench 16.20
Microfocus Fortify Audit Workbench 17.10
Microfocus Fortify Software Security Center 16.10
Microfocus Fortify Software Security Center 16.20
Microfocus Fortify Software Security Center 17.10
6.5
CVSSv3
CVE-2022-43570
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.
Splunk Splunk
Splunk Splunk Cloud Platform
7.2
CVSSv3
CVE-2022-3340
XML External Entity (XXE) vulnerability in Trellix IPS Manager before 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
Trellix Intrusion Prevention System Manager
Trellix Intrusion Prevention System Manager 10.1
9.1
CVSSv3
CVE-2021-27931
LumisXP (aka Lumis Experience Platform) prior to 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.
Lumis Lumis Experience Platform
8.2
CVSSv3
CVE-2017-5992
Openpyxl 2.4.1 resolves external entities by default, which allows remote malicious users to conduct XXE attacks via a crafted .xlsx document.
Python Openpyxl 2.4.1
8.1
CVSSv3
CVE-2022-28155
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Pipeline\\ Phoenix Autotest
8.1
CVSSv3
CVE-2022-28140
Jenkins Flaky Test Handler Plugin 1.2.1 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Flaky Test Handler
6.4
CVSSv3
CVE-2018-17152
Intersystems Cache 2017.2.2.865.0 allows XXE.
Intersystems Cache 2017.2.2.865.0
Intersystems Cache 2018.1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »