Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml injection vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2022-28213
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful e...
Sap Businessobjects Business Intelligence Platform 420
Sap Businessobjects Business Intelligence Platform 430
NA
CVE-2013-0175
multi_xml gem 0.5.2 for Ruby, as used in Grape prior to 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory a...
Erik Michaels-ober Multi Xml 0.5.2
Grape Project Grape 0.2.4
Grape Project Grape 0.2.0
Grape Project Grape 0.1.5
Grape Project Grape 0.1.4
Grape Project Grape 0.2.2
Grape Project Grape 0.2.3
Grape Project Grape 0.2.5
Grape Project Grape 0.1.2
Grape Project Grape 0.1.3
Erik Michaels-ober Multi Xml 0.5.2
Grape Project Grape 0.2.1
Grape Project Grape 0.1.1
Grape Project Grape 0.1.0
4.3
CVSSv3
CVE-2022-20938
A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote malicious user to view sensitive information. This vulnerability is due to insufficient validation of the XML syn...
Cisco Firepower Management Center 6.1.0.2
Cisco Firepower Management Center 6.2.0.2
Cisco Firepower Management Center 6.2.1
Cisco Firepower Management Center 6.1.0
Cisco Firepower Management Center 6.2.0
Cisco Firepower Management Center 6.1.0.3
Cisco Firepower Management Center 6.1.0.6
Cisco Firepower Management Center 6.2.2
Cisco Firepower Management Center 6.2.3
Cisco Firepower Management Center 6.2.0.5
Cisco Firepower Management Center 6.2.2.2
Cisco Firepower Management Center 6.1.0.7
Cisco Firepower Management Center 6.3.0
Cisco Firepower Management Center 6.2.2.1
Cisco Firepower Management Center 6.2.3.6
Cisco Firepower Management Center 6.4.0
Cisco Firepower Management Center 6.2.3.1
Cisco Firepower Management Center 6.2.3.2
Cisco Firepower Management Center 6.5.0
Cisco Firepower Management Center 6.2.3.10
Cisco Firepower Management Center 6.6.0.1
Cisco Firepower Management Center 6.6.0
NA
CVE-2006-0272
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a bu...
Oracle Oracle10g Enterprise 10.1.0.4
Oracle Oracle10g Personal 10.1.0.4
Oracle Oracle10g Standard 10.1.0.4
Oracle Oracle9i Standard 9.2.0.7
8.8
CVSSv3
CVE-2017-12216
A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote malicious user to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entrie...
Cisco Socialminer -
NA
CVE-2014-8790
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 up to and including 3.3.x prior to 3.3.5 Beta 1, when in certain configurations, allows remote malicious users to read arbitrary files via the data parameter.
Get-simple Getsimple Cms 3.3.2
Get-simple Getsimple Cms 3.2
Cagintranetworks Getsimple Cms 3.3.3
Cagintranetworks Getsimple Cms 3.3.4
Get-simple Getsimple Cms 3.1.1
Get-simple Getsimple Cms 3.1.2
Get-simple Getsimple Cms 3.2.1
Get-simple Getsimple Cms 3.2.2
Get-simple Getsimple Cms 3.3.0
Get-simple Getsimple Cms 3.2.3
Get-simple Getsimple Cms 3.3.1
6.5
CVSSv3
CVE-2018-19371
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
Sdl Web Content Manager 8.5.0
5.5
CVSSv3
CVE-2019-17554
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attack...
Apache Olingo
9.8
CVSSv3
CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus prior to 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
5 Github repositories
5.5
CVSSv3
CVE-2018-8533
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Ser...
Microsoft Sql Server Management Studio 18.0
Microsoft Sql Server Management Studio 17.9
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »