XML external entity vulnerabilities and exploits
NA
CVE-2023-40507
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyContent command. Due to the impr...
9
CVSSv2
CVE-2022-21949
An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote malicious users to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privil...
Opensuse Open Build Service
5
CVSSv2
CVE-2013-4295
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote malicious users to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Apache Shindig 2.5.0
1 EDB exploit
4.3
CVSSv2
CVE-2020-26981
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of special...
Siemens Jt2go
Siemens Teamcenter Visualization
NA
CVE-2023-40503
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the saveXmlFile method. Due to the improper restriction of XML...
NA
CVE-2023-39472
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the SimpleXMLReader class. Due to the improper restri...
NA
CVE-2023-5136
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
Ni Topografix Data Plugin 2023
Ni Diadem 2015
Ni Diadem 2014
Ni Diadem 2019
Ni Diadem 2018
Ni Diadem 2017
Ni Diadem 2020
Ni Diadem 2021
Ni Diadem 2022
Ni Diadem 2023
Ni Veristand 2017
Ni Veristand 2016
Ni Veristand 2014
Ni Veristand 2015
Ni Veristand 2013
Ni Veristand 2018
Ni Veristand 2019
Ni Veristand 2020
Ni Veristand 2021
Ni Veristand 2023
Ni Flexlogger 2021
Ni Flexlogger 2018
4.3
CVSSv2
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor prior to 1.3.3 allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted XML document.
Castor Project Castor
Castor Project Castor 1.3.1
Castor Project Castor 1.3
Opensuse Project Opensuse 12.3
Opensuse Opensuse 13.1
1 EDB exploit
7.8
CVSSv2
CVE-2019-10266
An issue exists in Ahsay Cloud Backup Suite prior to 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.
Ahsay Cloud Backup Suite
1 EDB exploit
1.9
CVSSv2
CVE-2017-7457
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
Moxa Mx-aopc Server 1.5
1 EDB exploit