Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-11048
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit t...
Dell Emc Data Protection Advisor 6.2
Dell Emc Data Protection Advisor 6.3
Dell Emc Data Protection Advisor 6.4
Dell Emc Data Protection Advisor 6.5
Dell Emc Integrated Data Protection Appliance 2.0
Dell Emc Integrated Data Protection Appliance 2.1
NA
CVE-2023-39472
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is requ...
NA
CVE-2024-4357
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege malicious user to read systems file via XML External Entity Processing.
5.5
CVSSv3
CVE-2023-5136
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
Ni Topografix Data Plugin 2023
Ni Diadem 2015
Ni Diadem 2014
Ni Diadem 2019
Ni Diadem 2018
Ni Diadem 2017
Ni Diadem 2020
Ni Diadem 2021
Ni Diadem 2022
Ni Diadem 2023
Ni Veristand 2017
Ni Veristand 2016
Ni Veristand 2014
Ni Veristand 2015
Ni Veristand 2013
Ni Veristand 2018
Ni Veristand 2019
Ni Veristand 2020
Ni Veristand 2021
Ni Veristand 2023
Ni Flexlogger 2021
Ni Flexlogger 2018
NA
CVE-2024-29010
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and previous versions versions.
NA
CVE-2023-40503
LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulne...
NA
CVE-2023-40506
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulne...
NA
CVE-2023-40507
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulne...
NA
CVE-2013-4295
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote malicious users to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Apache Shindig 2.5.0
1 EDB exploit
NA
CVE-2014-7177
XML External Entity vulnerability in Enalean Tuleap 7.2 and previous versions allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
Enalean Tuleap
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »