214 matches found
CVE-2023-3276 Dromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference
A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...
Improper Restriction of XML External Entity Reference
A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...
PT-2023-24008 · Dromara · Dromara Hutool
Name of the Vulnerable Software and Affected Versions: Dromara HuTool versions up to 5.8.19 Description: A problematic issue has been found in the XML Parsing Module, specifically affecting the readBySax function of the XmlUtil.java file. This issue leads to xml external entity reference. The...
CVE-2023-29498
Improper restriction of XML external entity reference XXE vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed...
Fuji Electric FRENIC RHC Loader XML External Entity Reference Vulnerability
Fuji Electric FRENIC RHC Loader is a software tool developed by Fuji Electric Japan for debugging and monitoring inverters, mainly serving the industrial automation field. The Fuji Electric FRENIC RHC Loader suffers from an XML external entity reference vulnerability that can be exploited by an...
CVE-2023-2806
A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...
Xxe
A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...
CVE-2023-2806 Weaver e-cology API RequestInfoByXml xml external entity reference
A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...
CVE-2023-2806 Weaver e-cology API RequestInfoByXml xml external entity reference
A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...
CVE-2023-2161
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user...
Shinseiyo Sogo Soft 代码问题漏洞
Shinseiyo Sogo Soft is a software used by Japan's Ministry of Justice to process legal documents and information. A security vulnerability exists in Shinseiyo Sogo Soft version 7.9A and prior versions, which arises from incorrectly restricting XML external entity references...
CVE-2022-43941
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...
Xxe
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...
CVE-2022-43941
CVE-2022-43941 affects Hitachi Vantara Pentaho Business Analytics Server prior to 9.4.0.1 and 9.3.0.2 (including 8.3.x). The issue is that the Post Analysis service endpoint of the data access plugin does not properly protect against XML External Entity (XXE) references, a root-cause that can lea...
Xxe
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...
CVE-2018-25082 zwczou WeChat SDK Python to_xml xml external entity reference
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...
CVE-2018-25082 zwczou WeChat SDK Python to_xml xml external entity reference
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...
XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference
Impact Any user with edit rights on a document can trigger a XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. Example to reproduce: Create a forget XAR file and inside it, have the following package.xml content: xml Helper pages...
CVE-2015-10082
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plistfromxml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It ...
CVE-2016-15026
A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The pat...