Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xxe vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-41411
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
Redhat Drools
7.5
CVSSv2
CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler up to and including 2.3.0 allows XXE attacks via a job description.
Softwareag Quartz
Oracle Flexcube Investor Servicing 12.3.0
Oracle Flexcube Investor Servicing 12.1.0
Oracle Retail Xstore Point Of Service 15.0
Oracle Flexcube Private Banking 12.1.0
Oracle Primavera Unifier 16.2
Oracle Flexcube Private Banking 12.0.0
Oracle Primavera Unifier 16.1
Oracle Retail Integration Bus 15.0
Oracle Retail Back Office 14.1
Oracle Flexcube Investor Servicing 12.4.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Retail Xstore Point Of Service 16.0
Oracle Fusion Middleware Mapviewer 12.2.1.3.0
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Retail Integration Bus 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
Oracle Primavera Unifier 18.8
Oracle Retail Point-of-service 14.1
Oracle Primavera Unifier
2 Github repositories
4
CVSSv2
CVE-2019-17085
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.
Microfocus Operations Agent 12.01
Microfocus Operations Agent 12.02
Microfocus Operations Agent 12.03
Microfocus Operations Agent 12.04
Microfocus Operations Agent 12.05
Microfocus Operations Agent 12.06
Microfocus Operations Agent 12.10
Microfocus Operations Agent 12.11
Microfocus Operations Agent 12.0
7.5
CVSSv2
CVE-2018-8027
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
Apache Camel 2.21.0
Apache Camel
7.5
CVSSv2
CVE-2018-6486
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
Microfocus Fortify Audit Workbench 16.10
Microfocus Fortify Audit Workbench 16.20
Microfocus Fortify Audit Workbench 17.10
Microfocus Fortify Software Security Center 16.10
Microfocus Fortify Software Security Center 16.20
Microfocus Fortify Software Security Center 17.10
5.8
CVSSv2
CVE-2017-5992
Openpyxl 2.4.1 resolves external entities by default, which allows remote malicious users to conduct XXE attacks via a crafted .xlsx document.
Python Openpyxl 2.4.1
6.4
CVSSv2
CVE-2021-27931
LumisXP (aka Lumis Experience Platform) prior to 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.
Lumis Lumis Experience Platform
NA
CVE-2022-43570
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.
Splunk Splunk
Splunk Splunk Cloud Platform
NA
CVE-2022-3340
XML External Entity (XXE) vulnerability in Trellix IPS Manager before 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
Trellix Intrusion Prevention System Manager
Trellix Intrusion Prevention System Manager 10.1
5.5
CVSSv2
CVE-2022-28140
Jenkins Flaky Test Handler Plugin 1.2.1 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Flaky Test Handler
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »