Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml injection vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-9072
Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP up to and including 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP up to and including 9.8.308 has XSS in ipopeng.htm and npopeng.htm.
Calendarxp Flatcalendarxp
Calendarxp Popcalendarxp
4.6
CVSSv2
CVE-2022-20729
A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local malicious user to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including ...
Cisco Firepower Threat Defense
4.3
CVSSv2
CVE-2019-10263
An issue exists in Ahsay Cloud Backup Suite prior to 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the malicious user to retrieve the admin's cookie and take over the account.
Ahsay Cloud Backup Suite
6.4
CVSSv2
CVE-2018-1821
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: ...
Ibm Operational Decision Manager
4.3
CVSSv2
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor prior to 1.3.3 allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted XML document.
Castor Project Castor
Castor Project Castor 1.3.1
Castor Project Castor 1.3
Opensuse Project Opensuse 12.3
Opensuse Opensuse 13.1
1 EDB exploit
4.3
CVSSv2
CVE-2018-8527
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Serv...
Microsoft Sql Server Management Studio 17.9
Microsoft Sql Server Management Studio 18.0
1 EDB exploit
4.3
CVSSv2
CVE-2018-8533
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Ser...
Microsoft Sql Server Management Studio 18.0
Microsoft Sql Server Management Studio 17.9
1 EDB exploit
6.8
CVSSv2
CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
Yaws Yaws
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
10
CVSSv2
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
Yaws Yaws
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
5.5
CVSSv2
CVE-2020-7032
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 up to and includin...
Avaya Aura System Manager
Avaya Weblm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »