Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xxe vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-6489
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE)
Microfocus Project And Portfolio Management Center 9.32
9.8
CVSSv3
CVE-2021-41411
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
Redhat Drools
9.8
CVSSv3
CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler up to and including 2.3.0 allows XXE attacks via a job description.
Softwareag Quartz
Oracle Flexcube Investor Servicing 12.3.0
Oracle Flexcube Investor Servicing 12.1.0
Oracle Retail Xstore Point Of Service 15.0
Oracle Flexcube Private Banking 12.1.0
Oracle Primavera Unifier 16.2
Oracle Flexcube Private Banking 12.0.0
Oracle Primavera Unifier 16.1
Oracle Retail Integration Bus 15.0
Oracle Retail Back Office 14.1
Oracle Flexcube Investor Servicing 12.4.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Retail Xstore Point Of Service 16.0
Oracle Fusion Middleware Mapviewer 12.2.1.3.0
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Retail Integration Bus 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
Oracle Primavera Unifier 18.8
Oracle Retail Point-of-service 14.1
Oracle Primavera Unifier
2 Github repositories
6.5
CVSSv3
CVE-2019-17085
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.
Microfocus Operations Agent 12.01
Microfocus Operations Agent 12.02
Microfocus Operations Agent 12.03
Microfocus Operations Agent 12.04
Microfocus Operations Agent 12.05
Microfocus Operations Agent 12.06
Microfocus Operations Agent 12.10
Microfocus Operations Agent 12.11
Microfocus Operations Agent 12.0
9.8
CVSSv3
CVE-2018-8027
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
Apache Camel 2.21.0
Apache Camel
9.8
CVSSv3
CVE-2018-6486
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
Microfocus Fortify Audit Workbench 16.10
Microfocus Fortify Audit Workbench 16.20
Microfocus Fortify Audit Workbench 17.10
Microfocus Fortify Software Security Center 16.10
Microfocus Fortify Software Security Center 16.20
Microfocus Fortify Software Security Center 17.10
8.2
CVSSv3
CVE-2017-5992
Openpyxl 2.4.1 resolves external entities by default, which allows remote malicious users to conduct XXE attacks via a crafted .xlsx document.
Python Openpyxl 2.4.1
9.1
CVSSv3
CVE-2021-27931
LumisXP (aka Lumis Experience Platform) prior to 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.
Lumis Lumis Experience Platform
6.5
CVSSv3
CVE-2022-43570
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.
Splunk Splunk
Splunk Splunk Cloud Platform
7.2
CVSSv3
CVE-2022-3340
XML External Entity (XXE) vulnerability in Trellix IPS Manager before 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
Trellix Intrusion Prevention System Manager
Trellix Intrusion Prevention System Manager 10.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »