Lucene search
K

214 matches found

Cvelist
Cvelist
added 2023/06/15 1:0 p.m.28 views

CVE-2023-3276 Dromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...

5.5CVSS7.7AI score0.00726EPSS
Exploits1References3
GitLab Advisory Database
GitLab Advisory Database
added 2023/06/15 12:0 a.m.42 views

Improper Restriction of XML External Entity Reference

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...

7.5CVSS7AI score0.00726EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/15 12:0 a.m.5 views

PT-2023-24008 · Dromara · Dromara Hutool

Name of the Vulnerable Software and Affected Versions: Dromara HuTool versions up to 5.8.19 Description: A problematic issue has been found in the XML Parsing Module, specifically affecting the readBySax function of the XmlUtil.java file. This issue leads to xml external entity reference. The...

7.5CVSS6.7AI score0.00726EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2023/06/13 10:15 a.m.2 views

CVE-2023-29498

Improper restriction of XML external entity reference XXE vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed...

5.5CVSS6.6AI score0.00211EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2023/06/12 12:0 a.m.3 views

Fuji Electric FRENIC RHC Loader XML External Entity Reference Vulnerability

Fuji Electric FRENIC RHC Loader is a software tool developed by Fuji Electric Japan for debugging and monitoring inverters, mainly serving the industrial automation field. The Fuji Electric FRENIC RHC Loader suffers from an XML external entity reference vulnerability that can be exploited by an...

5.5CVSS6.8AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2023/05/19 9:15 a.m.27 views

CVE-2023-2806

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...

8.8CVSS6.4AI score0.00984EPSS
Exploits1References3
Prion
Prion
added 2023/05/19 9:15 a.m.17 views

Xxe

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...

5.2CVSS8.5AI score0.00984EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/05/19 8:31 a.m.28 views

CVE-2023-2806 Weaver e-cology API RequestInfoByXml xml external entity reference

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...

5.5CVSS8.8AI score0.00984EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/05/19 8:31 a.m.11 views

CVE-2023-2806 Weaver e-cology API RequestInfoByXml xml external entity reference

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...

5.5CVSS6.8AI score0.00984EPSS
Exploits1References3
OSV
OSV
added 2023/05/16 5:15 a.m.2 views

CVE-2023-2161

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user...

5.5CVSS6.1AI score
Exploits0References1
CNNVD
CNNVD
added 2023/04/19 12:0 a.m.4 views

Shinseiyo Sogo Soft 代码问题漏洞

Shinseiyo Sogo Soft is a software used by Japan's Ministry of Justice to process legal documents and information. A security vulnerability exists in Shinseiyo Sogo Soft version 7.9A and prior versions, which arises from incorrectly restricting XML external entity references...

7.5CVSS5.8AI score0.00343EPSS
Exploits0References4
NVD
NVD
added 2023/04/03 7:15 p.m.20 views

CVE-2022-43941

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

7.1CVSS7AI score0.0053EPSS
Exploits0References1
Prion
Prion
added 2023/04/03 7:15 p.m.15 views

Xxe

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

4CVSS6.5AI score0.00555EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/03 6:44 p.m.56 views

CVE-2022-43941

CVE-2022-43941 affects Hitachi Vantara Pentaho Business Analytics Server prior to 9.4.0.1 and 9.3.0.2 (including 8.3.x). The issue is that the Post Analysis service endpoint of the data access plugin does not properly protect against XML External Entity (XXE) references, a root-cause that can lea...

7.1CVSS6.7AI score0.0053EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/03/21 6:15 p.m.16 views

Xxe

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...

7.5CVSS9.5AI score0.00775EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/21 6:0 p.m.9 views

CVE-2018-25082 zwczou WeChat SDK Python to_xml xml external entity reference

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...

6.5CVSS9.6AI score0.00775EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/03/21 6:0 p.m.33 views

CVE-2018-25082 zwczou WeChat SDK Python to_xml xml external entity reference

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...

6.5CVSS9.6AI score0.00775EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/03/08 5:19 p.m.29 views

XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference

Impact Any user with edit rights on a document can trigger a XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. Example to reproduce: Create a forget XAR file and inside it, have the following package.xml content: xml Helper pages...

7.7CVSS7.3AI score0.00746EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/02/21 7:15 a.m.19 views

CVE-2015-10082

A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plistfromxml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It ...

9.8CVSS6.5AI score0.00723EPSS
Exploits0References3
NVD
NVD
added 2023/02/20 11:15 a.m.14 views

CVE-2016-15026

A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The pat...

7.8CVSS6.2AI score0.00543EPSS
Exploits0References5
Rows per page
Query Builder