Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml injection vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2018-8532
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Ser...
Microsoft Sql Server Management Studio 18.0
Microsoft Sql Server Management Studio 17.9
1 EDB exploit
5.5
CVSSv3
CVE-2018-8527
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Serv...
Microsoft Sql Server Management Studio 17.9
Microsoft Sql Server Management Studio 18.0
1 EDB exploit
6.1
CVSSv3
CVE-2019-10263
An issue exists in Ahsay Cloud Backup Suite prior to 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the malicious user to retrieve the admin's cookie and take over the account.
Ahsay Cloud Backup Suite
7.8
CVSSv3
CVE-2022-20729
A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local malicious user to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including ...
Cisco Firepower Threat Defense
9.1
CVSSv3
CVE-2018-1821
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: ...
Ibm Operational Decision Manager
6.1
CVSSv3
CVE-2017-9072
Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP up to and including 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP up to and including 9.8.308 has XSS in ipopeng.htm and npopeng.htm.
Calendarxp Flatcalendarxp
Calendarxp Popcalendarxp
NA
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor prior to 1.3.3 allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted XML document.
Castor Project Castor
Castor Project Castor 1.3.1
Castor Project Castor 1.3
Opensuse Project Opensuse 12.3
Opensuse Opensuse 13.1
1 EDB exploit
9.8
CVSSv3
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
Yaws Yaws
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
9.8
CVSSv3
CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
Yaws Yaws
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
5.4
CVSSv3
CVE-2021-34706
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability ...
Cisco Identity Services Engine 3.1\\(0.518\\)
Cisco Identity Services Engine 3.2\\(0.149\\)
Cisco Identity Services Engine
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »