Vulmon
xml injection vulnerabilities and exploits
VMScore: 383
CVE-2017-9072
Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP up to and including 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP up to and including 9.8.308 has XSS in ipopeng.htm and npopeng.htm.
Calendarxp Flatcalendarxp
Calendarxp Popcalendarxp
VMScore: 410
CVE-2022-20729
A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local malicious user to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including ...
Cisco Firepower Threat Defense
VMScore: 570
CVE-2018-1821
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: ...
Ibm Operational Decision Manager
VMScore: 383
CVE-2019-10263
An issue exists in Ahsay Cloud Backup Suite prior to 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the malicious user to retrieve the admin's cookie and take over the account.
Ahsay Cloud Backup Suite
VMScore: 435
CVE-2018-8527
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Serv...
Microsoft Sql Server Management Studio 17.9
Microsoft Sql Server Management Studio 18.0
1 EDB exploit
VMScore: 435
CVE-2018-8532
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Ser...
Microsoft Sql Server Management Studio 18.0
Microsoft Sql Server Management Studio 17.9
1 EDB exploit
VMScore: 435
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor prior to 1.3.3 allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted XML document.
Castor Project Castor
Castor Project Castor 1.3.1
Castor Project Castor 1.3
Opensuse Project Opensuse 12.3
Opensuse Opensuse 13.1
1 EDB exploit
VMScore: 890
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
Yaws Yaws
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
VMScore: 605
CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
Yaws Yaws
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
VMScore: 320
CVE-2018-0100
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local malicious user to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External ...
Cisco Anyconnect Secure Mobility Client