11 matches found
CVE-2026-34401
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
CVE-2026-34401 XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
CVE-2026-34401 XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
CVE-2026-34401
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
CVE-2026-34401 XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
CVE-2026-34401
XML Notepad is affected by an XXE flaw in which DTD processing was not disabled by default prior to version 2.9.0.21, allowing external entities to be resolved. The issue could cause the application to make outbound HTTP/SMB requests and potentially leak local file contents or NTLM credentials. T...
PT-2026-29357
Name of the Vulnerable Software and Affected Versions XML Notepad versions prior to 2.9.0.21 Description XML Notepad, a Windows program for editing XML documents, does not disable DTD processing by default before version 2.9.0.21. This allows for the resolution of external entities. An attacker c...
XML Notepad 2.8.0.4 XML External Entity Injection
Exploit Title: XML Notepad 2.8.0.4 - XML External Entity Injection Date: 2019-11-11 Exploit Author: 8-Team / daejinoh Vendor Homepage: https://www.microsoft.com/ Software Link: https://github.com/microsoft/XmlNotepad Version: XML Notepad 2.8.0.4 Tested on: Windows 10 Pro CVE : N/A Step 1 File -...
XML Notepad 2.8.0.4 - XML External Entity Injection
Exploit Title: XML Notepad 2.8.0.4 - XML External Entity Injection Date: 2019-11-11 Exploit Author: 8-Team / daejinoh Vendor Homepage: https://www.microsoft.com/ Software Link: https://github.com/microsoft/XmlNotepad Version: XML Notepad 2.8.0.4 Tested on: Windows 10 Pro CVE : N/A Step 1 File -...
XML Notepad 2.8.0.4 - XML External Entity Injection
XML Notepad 2.8.0.4 - XML External Entity Injection Exploit Title: XML Notepad 2.8.0.4 - XML External Entity Injection Date: 2019-11-11 Exploit Author: 8-Team / daejinoh Vendor Homepage: https://www.microsoft.com/ Software Link: https://github.com/microsoft/XmlNotepad Version: XML Notepad 2.8.0.4...
XML Notepad 2.8.0.4 - XML External Entity Injection Exploit
Exploit Title: XML Notepad 2.8.0.4 - XML External Entity Injection Exploit Author: 8-Team / daejinoh Vendor Homepage: https://www.microsoft.com/ Software Link: https://github.com/microsoft/XmlNotepad Version: XML Notepad 2.8.0.4 Tested on: Windows 10 Pro CVE : N/A Step 1 File - Open - .xml Exploi...