XML External Entity (XXE) Injection

weixin-python is vulnerable to XML External Entity XXE Injection. The vulnerability exists due to the parse function in msg.py and the toxml function in pay.py because xml entities are allowed to be resolved, allowing an attacker to inject and execute malicious XML documents to perform requests o...

XML External Entity (XXE) Injection

aXMLRPC is vulnerable to XML external entity attacks. The vulnerability exists because the library does not properly validate the XML documents submitted by the users via the parse function of ResponseParser.java, allowing an attacker to inject malicious XML documents to perform requests on behal...