Vulmon
xml external entity vulnerabilities and exploits
445
VMScore
CVE-2014-1626
XML External Entity (XXE) vulnerability in MARC::File::XML module prior to 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent malicious users to read arbitrary files via a crafted XML file.
Galen Charlton Marc-xml
Galen Charlton Marc-xml 1.0
NA
CVE-2023-37942
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and previous versions do not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins External Monitor Job Type
570
VMScore
CVE-2020-4462
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability t...
Ibm Sterling External Authentication Server 2.4.2.0
Ibm Sterling External Authentication Server 2.4.3.2
Ibm Sterling External Authentication Server 6.0.0.0
Ibm Sterling External Authentication Server 6.0.1.0
Ibm Sterling Secure Proxy 3.4.2.0
Ibm Sterling Secure Proxy 3.4.3.0
Ibm Sterling Secure Proxy 6.0.0.0
Ibm Sterling Secure Proxy 6.0.1.0
490
VMScore
CVE-2019-19031
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.
Edit-xml Easy Xml Editor
NA
CVE-2022-47514
An XML external entity (XXE) injection vulnerability in XML-RPC.NET prior to 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.
Xml-rpc.net Project Xml-rpc.net
1 Github repository
NA
CVE-2020-26708
requests-xml v0.2.3 contains an XML External Entity Injection (XXE) vulnerability which allows malicious users to execute arbitrary code via a crafted XML file.
Requests-xml Project Requests-xml 0.2.3
NA
CVE-2020-26709
py-xml v1.0 contains an XML External Entity Injection (XXE) vulnerability which allows malicious users to execute arbitrary code via a crafted XML file.
Py-xml Project Py-xml 1.0
828
VMScore
CVE-2012-4710
Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity referenc...
Invensys Wonderware Win-xml Exporter 1522.148.0.0
670
VMScore
CVE-2016-3720
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows malicious users to have unspecified impact via unknown vectors.
Fedoraproject Fedora 24
Fasterxml Jackson-dataformat-xml
5 Github repositories
435
VMScore
CVE-2017-9355
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote malicious users to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
Subsonic Subsonic 6.1.1
1 EDB exploit