Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2018-18895
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3004. Reason: This candidate is a duplicate of CVE-2014-3004. Notes: All CVE users should reference CVE-2014-3004 instead of this candidate. All references and descriptions in this candidate have been removed...
6.5
CVSSv3
CVE-2020-7032
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 up to and includin...
Avaya Aura System Manager
Avaya Weblm
7.5
CVSSv3
CVE-2018-8819
An XXE issue exists in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web serv...
Carrier Automatedlogic Webctrl 6.0
Carrier Automatedlogic Webctrl 6.1
Carrier Automatedlogic Webctrl 6.5
9.8
CVSSv3
CVE-2018-14485
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
Blogengine Blogengine.net 3.3
1 EDB exploit
8.1
CVSSv3
CVE-2022-28213
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful e...
Sap Businessobjects Business Intelligence Platform 420
Sap Businessobjects Business Intelligence Platform 430
4.3
CVSSv3
CVE-2022-20938
A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote malicious user to view sensitive information. This vulnerability is due to insufficient validation of the XML syn...
Cisco Firepower Management Center 6.1.0.2
Cisco Firepower Management Center 6.2.0.2
Cisco Firepower Management Center 6.2.1
Cisco Firepower Management Center 6.1.0
Cisco Firepower Management Center 6.2.0
Cisco Firepower Management Center 6.1.0.3
Cisco Firepower Management Center 6.1.0.6
Cisco Firepower Management Center 6.2.2
Cisco Firepower Management Center 6.2.3
Cisco Firepower Management Center 6.2.0.5
Cisco Firepower Management Center 6.2.2.2
Cisco Firepower Management Center 6.1.0.7
Cisco Firepower Management Center 6.3.0
Cisco Firepower Management Center 6.2.2.1
Cisco Firepower Management Center 6.2.3.6
Cisco Firepower Management Center 6.4.0
Cisco Firepower Management Center 6.2.3.1
Cisco Firepower Management Center 6.2.3.2
Cisco Firepower Management Center 6.5.0
Cisco Firepower Management Center 6.2.3.10
Cisco Firepower Management Center 6.6.0.1
Cisco Firepower Management Center 6.6.0
NA
CVE-2014-8790
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 up to and including 3.3.x prior to 3.3.5 Beta 1, when in certain configurations, allows remote malicious users to read arbitrary files via the data parameter.
Get-simple Getsimple Cms 3.3.2
Get-simple Getsimple Cms 3.2
Cagintranetworks Getsimple Cms 3.3.3
Cagintranetworks Getsimple Cms 3.3.4
Get-simple Getsimple Cms 3.1.1
Get-simple Getsimple Cms 3.1.2
Get-simple Getsimple Cms 3.2.1
Get-simple Getsimple Cms 3.2.2
Get-simple Getsimple Cms 3.3.0
Get-simple Getsimple Cms 3.2.3
Get-simple Getsimple Cms 3.3.1
8.8
CVSSv3
CVE-2017-12216
A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote malicious user to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entrie...
Cisco Socialminer -
6.5
CVSSv3
CVE-2018-19371
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
Sdl Web Content Manager 8.5.0
5.5
CVSSv3
CVE-2019-17554
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attack...
Apache Olingo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »