5 matches found

Tenable Nessus
added 2025/12/08 12:0 a.m. · 3 views

Adobe Experience Manager (AEM) < 6.5.23.0 XML External Entity

Adobe Experience Manager (AEM) versions prior to 6.5.23.0 are affected by an XML External Entity (XXE) vulnerability. An attacker could exploit this vulnerability by sending a specially crafted XML request to the affected system, which could lead to unauthorized access to sensitive information or...

6.5 CVSS · 6.6 AI score · 0.09423 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/22 7:22 a.m. · 4 views

CVE-2018-20160

ZxChat aka ZeXtras Chat, as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd...

9.8 CVSS · 6.8 AI score · 0.01647 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2024/05/20 12:0 a.m. · 0 views

The vulnerability in the interactive browser environment for data analysis and visualization in Apache Zeppelin SAP arises from improper restriction of XML external entity references. This allows attackers to disclose sensitive information or cause service failures.

The vulnerability in the interactive browser environment for data analysis and visualization in Apache Zeppelin SAP is related to improper restriction of XML external entity references. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information or cause service...

6.5 CVSS · 0.00278 EPSS
Exploits 0 · References 7 · Affected Software 1
RedHat Linux
added 2020/07/17 2:49 p.m. · 2 views

dotnet: XML source markup processing remote code execution

It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core...

7.8 CVSS · 7.7 AI score · 0.9343 EPSS
Exploits 10 · References 5
Positive Technologies
added 2020/03/09 12:0 a.m. · 2 views

PT-2020-15355 · Jenkins · Jenkins Rundeck Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Rundeck Plugin versions 3.6.6 and earlier
Description: The issue allows a user with Overall/Read access to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the Jenkins...

7.1 CVSS · 6.8 AI score · 0.00066 EPSS
Exploits 0 · References 8