xml external entity vulnerabilities and exploits
CVE-2014-1626 (score: NA)
XML External Entity (XXE) vulnerability in MARC::File::XML module prior to 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent malicious users to read arbitrary files via a crafted XML file.
Galen Charlton Marc-xml
Galen Charlton Marc-xml 1.0

CVE-2023-37942 (CVSSv3: 6.5)
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins External Monitor Job Type

CVE-2020-4462 (CVSSv3: 8.2)
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability t...
IBM Sterling External Authentication Server 2.4.2.0
IBM Sterling External Authentication Server 2.4.3.2
IBM Sterling External Authentication Server 6.0.0.0
IBM Sterling External Authentication Server 6.0.1.0
IBM Sterling Secure Proxy 3.4.2.0
IBM Sterling Secure Proxy 3.4.3.0
IBM Sterling Secure Proxy 6.0.0.0
IBM Sterling Secure Proxy 6.0.1.0

CVE-2019-19031 (CVSSv3: 8.1)
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.
Edit-xml Easy Xml Editor

CVE-2022-47514 (CVSSv3: 8.8)
An XML external entity (XXE) injection vulnerability in XML-RPC.NET prior to 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.
Xml-rpc.net Project Xml-rpc.net
1 Github repository

CVE-2020-26708 (CVSSv3: 7.5)
requests-xml v0.2.3 contains an XML External Entity Injection (XXE) vulnerability which allows malicious users to execute arbitrary code via a crafted XML file.
Requests-xml Project Requests-xml 0.2.3

CVE-2020-26709 (CVSSv3: 7.5)
py-xml v1.0 contains an XML External Entity Injection (XXE) vulnerability which allows malicious users to execute arbitrary code via a crafted XML file.
Py-xml Project Py-xml 1.0

CVE-2012-4710 (score: NA)
Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity referenc...
Invensys Wonderware Win-xml Exporter 1522.148.0.0

CVE-2016-3720 (CVSSv3: 9.8)
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows malicious users to have unspecified impact via unknown vectors.
Fedoraproject Fedora 24
Fasterxml Jackson-dataformat-xml
5 Github repositories

CVE-2018-11586 (CVSSv3: 9.8)
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Searchblox Searchblox 8.6.7
1 EDB exploit