300 matches found

ATTACKERKB
added 2023/09/01 11:15 a.m. · 2 views

CVE-2023-40239

Certain Lexmark devices such as CS310 before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 or higher is required to...

7.5 CVSS · 5.8 AI score · 0.00451 EPSS
Exploits 0 · References 2

OSV
added 2023/08/03 10:15 p.m. · 3 views

CVE-2023-37497

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service...

8.8 CVSS · 5.9 AI score
Exploits 0 · References 1

NVD
added 2023/08/03 10:15 p.m. · 14 views

CVE-2023-30951

The Foundry Magritte plugin rest-source was found to be vulnerable to an XML external Entity attack (XXE)...

6.5 CVSS · 6.3 AI score · 0.00375 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/08/03 9:7 p.m. · 7 views

CVE-2023-30951

The Foundry Magritte plugin rest-source was found to be vulnerable to an XML external Entity attack (XXE)...

6.3 CVSS · 6.9 AI score · 0.00375 EPSS
Exploits 0 · References 1

OSV
added 2023/07/12 4:15 p.m. · 1 views

CVE-2023-37942

Jenkins External Monitor Job Type Plugin 206.v9a94ff0b4a10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

6.5 CVSS · 5.8 AI score · 0.00507 EPSS
Exploits 0 · References 2

CNNVD
added 2023/07/12 12:0 a.m. · 3 views

Jenkins Plugin External Monitor Job Type Code Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

6.5 CVSS · 6.8 AI score · 0.00507 EPSS
Exploits 0 · References 3

CNNVD
added 2023/05/16 12:0 a.m. · 3 views

Schneider Electric OPC Factory Server Code Issue Vulnerability

Schneider Electric OPC Factory Server is a software application from the French company Schneider Electric. An XML external entity injection vulnerability exists in Schneider Electric OPC Factory Server, which stems from an improper restriction on XML external entity references...

5.5 CVSS · 6.8 AI score · 0.0017 EPSS
Exploits 0 · References 2

OSV
added 2023/04/26 9:15 p.m. · 0 views

CVE-2023-29443

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...

4.9 CVSS · 5.8 AI score · 0.03026 EPSS
Exploits 0 · References 1

Amazon
added 2023/04/20 12:0 a.m. · 29 views

Important: pki-core

Issue Overview: Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. CVE-2022-2414 Affected Packages: pki-core Note:...

7.5 CVSS · 8.2 AI score · 0.85323 EPSS
Exploits 3

Vulnrichment
added 2023/04/13 12:0 a.m. · 6 views

CVE-2023-26263

All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server...

7 AI score · 0.00218 EPSS
Exploits 0 · References 2

Vulnrichment
added 2023/03/23 11:26 a.m. · 7 views

CVE-2023-28683

Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

8.2 AI score · 0.00569 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/03/23 12:0 a.m. · 3 views

PT-2023-21900 · Jenkins · Jenkins Visual Studio Code Metrics Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Visual Studio Code Metrics Plugin versions 1.7 and earlier Description: The issue is related to the XML parser not being configured to prevent XML external entity (XXE) attacks. This allows attackers who can control VS Code Metrics File...

8.2 CVSS · 8 AI score · 0.00569 EPSS
Exploits 0 · References 7

Vulnrichment
added 2023/03/21 3:53 p.m. · 5 views

CVE-2023-28685

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

6.9 AI score · 0.00602 EPSS
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 6:3 a.m. · 3 views

SUSE CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a...

7.5 CVSS · 6.6 AI score · 0.29098 EPSS
Exploits 3 · References 4

SUSE CVE
added 2023/02/15 5:23 a.m. · 2 views

SUSE CVE-2015-0254

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a 1 or 2 JSTL XML tag...

7.5 CVSS · 8.1 AI score · 0.13352 EPSS
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 4:49 a.m. · 3 views

SUSE CVE-2017-5992

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document...

8.2 CVSS · 9 AI score · 0.01159 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:34 a.m. · 0 views

SUSE CVE-2018-1285

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...

6.3 CVSS · 9.4 AI score · 0.49839 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:4 a.m. · 2 views

SUSE CVE-2020-1693

A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute...

8.6 CVSS · 8 AI score · 0.04164 EPSS
Exploits 1 · References 5

SUSE CVE
added 2023/02/15 3:53 a.m. · 7 views

SUSE CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity...

5.8 CVSS · 6.8 AI score · 0.17611 EPSS
Exploits 0 · References 5

Ivanti
added 2023/02/14 7:22 a.m. · 5 views

JSA10401 - Pulse Connect Secure (PCS) product - PCS Security Bundle - Internal System Function

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Internal System Function vulnerabilities found and fixed through a combination of internal and external proactive security testing: Issue with special characters used in a parameter in...

7.3 AI score
Exploits 0