Vulmon
xml injection vulnerabilities and exploits
9.8
CVSSv3
CVE-2019-12924
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for a malicious user to use a vulnerability in the configuration of the XML processor to read any file on the hos...
Mailenable Mailenable
9.8
CVSSv3
CVE-2019-9670
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x prior to 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
Synacor Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
1 EDB exploit
7 Github repositories
9.8
CVSSv3
CVE-2018-8940
ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing a malicious user to upload a malicious XML file and reference it in the URL of the application, forcing the application to...
Enghouse Contact Center Service Provider
9.8
CVSSv3
CVE-2018-19987
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the...
D-link Dir-818lw Firmware 2.05.b03
D-link Dir-822 Firmware 202krb06
Dlink Dir-822 Firmware 3.10b06
D-link Dir-860l Firmware 2.03.b03
D-link Dir-868l Firmware 2.05b02
D-link Dir-880l Firmware 1.20b01 01 I3se
D-link Dir-890l/r Firmware 1.21b02
2 Github repositories
9.8
CVSSv3
CVE-2018-19988
In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath scr...
D-link Dir-868l Firmware 2.05b02
9.8
CVSSv3
CVE-2019-7442
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote malicious users to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
Cyberark Enterprise Password Vault
1 EDB exploit
9.8
CVSSv3
CVE-2018-14485
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
Blogengine Blogengine.net 3.3
1 EDB exploit
9.8
CVSSv3
CVE-2019-5434
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploi...
Revive-sas Revive Adserver
1 EDB exploit
9.8
CVSSv3
CVE-2019-11677
The Custom Report import function in Zoho ManageEngine Firewall Analyzer prior to 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.
Zohocorp Manageengine Firewall Analyzer 7.2
Zohocorp Manageengine Firewall Analyzer 8.5
Zohocorp Manageengine Firewall Analyzer 12.2
Zohocorp Manageengine Firewall Analyzer 12.3
Zohocorp Manageengine Firewall Analyzer 7.4
Zohocorp Manageengine Firewall Analyzer 8.0
Zohocorp Manageengine Firewall Analyzer 7.6
Zohocorp Manageengine Firewall Analyzer 8.1
Zohocorp Manageengine Firewall Analyzer 8.3
Zohocorp Manageengine Firewall Analyzer 12.0
9.8
CVSSv3
CVE-2019-3774
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Pivotal Software Spring Batch
Pivotal Software Spring Batch 4.1.0