214 matches found
CVE-2025-22478
Dell Storage Center - Dell Storage Manager, versions 20.1.20, contains an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information...
CVE-2025-3241 zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference
A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...
CVE-2025-25036
Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection.This issue affects all versions of JPlatform 10 before 10.0.8 SP8...
CVE-2025-2365 crmeb_java WeChatMessageController.java webHook xml external entity reference
A vulnerability, which was classified as problematic, has been found in crmebjava up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has bee...
CVE-2025-2365 crmeb_java WeChatMessageController.java webHook xml external entity reference
A vulnerability, which was classified as problematic, has been found in crmebjava up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has bee...
CVE-2025-1225
A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity...
CVE-2025-1225 ywoa WXCallBack Interface XMLParse.java extract xml external entity reference
A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity...
CVE-2025-1225 ywoa WXCallBack Interface XMLParse.java extract xml external entity reference
A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity...
CVE-2022-43941
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...
Schneider Electric Web Designer 代码问题漏洞
Schneider Electric Web Designer is a web design tool from Schneider Electric France. A code issue vulnerability exists in Schneider Electric Web Designer that stems from the inclusion of an XML External Entity References Improperly Restricted vulnerability that could lead to information disclosur...
CVE-2024-4184
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4189
CVE-2024-4189 affects OpenText Application Automation Tools (version 24.1.0 and earlier). The issue is an XML External Entity (XXE) / DTD Injection caused by an improper restriction on external entities in the tool’s XML parsing, leading to potential compromise of confidentiality, integrity, and ...
CVE-2024-45293 XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...
CVE-2024-7098 XML Injection in SFS Consulting's ww.Winsure
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2...
CVE-2024-7098
CVE-2024-7098 corresponds to an Improper Restriction of XML External Entity Reference in SFS Consulting WW.Winsure prior to version 4.6.2, enabling XML Injection. Multiple connected sources (NVD, Red Hat, CVE list) confirm affected product and root cause. Impact is rated critical (high confidenti...
CVE-2024-7098 XML Injection in SFS Consulting's ww.Winsure
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
CVE-2024-34102 Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5...
CVE-2024-28982
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference...
BIT-MAGENTO-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...
GHSA-M8CJ-3V68-3CXJ Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...