
9 matches found

OSV
added 2023/10/25 6:32 p.m. · 0 views

GHSA-FGQ9-FC3Q-VQMW Withdrawn Advisory: dom4j XML Entity Expansion vulnerability

Withdrawn Advisory: This advisory has been withdrawn because the underlying vulnerability could not be reproduced. This link is maintained to preserve external references. Original Description: An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive...

5.8 AI score
Exploits: 0 · References: 7
UbuntuCve
added 2023/10/25 12:0 a.m. · 33 views

CVE-2023-45960

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

5.8 AI score
Exploits: 0 · References: 3
Positive Technologies
added 2023/10/24 12:0 a.m. · 2 views

PT-2023-29776 · Org.Dom4J · Org.Dom4J

Name of the Vulnerable Software and Affected Versions: org.dom4j SAXReader versions 2.1.4 and before. Description: The issue allows a remote attacker to obtain sensitive information via the setFeature function. However, it's noted that the underlying vulnerability could not be reproduced...

7.5 CVSS · 3.5 AI score
Exploits: 0 · References: 12
Huntr
added 2021/12/10 6:23 p.m. · 27 views

in dotcms/core

Description: Hello, dotCMS has an XXE vulnerability in the template design page. To exploit this flaw, an attacker needs the permission to edit and preview templates, and this can be abused to read internal files. Video PoC: This section of the documentation explains how to use the XMLTool in the...

0.4 AI score
Exploits: 0
Mageia
added 2021/01/17 4:7 p.m. · 246 views

Updated dom4j packages fix a security vulnerability

A flaw was found in the dom4j library. By using the default SaxReader provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE CVE-2020-10683...

9.8 CVSS · 3.2 AI score · 0.0696 EPSS
Exploits: 0 · References: 2
Veracode
added 2020/04/22 4:37 a.m. · 49 views

XML External Entity

dom4j is vulnerable to XML external entity attacks. The default SaxReader does not disable external DTDs and External Entities by default, allowing an attacker to access local or internal network resources, or perform requests on behalf of the server...

9.8 CVSS · 3 AI score · 0.0696 EPSS
Exploits: 0 · References: 24 · Affected Software: 30
Veracode
added 2017/08/23 1:52 a.m. · 6 views

XML External Entity (XXE) Injection Through Insecure Defaults

dom4j is vulnerable to XML External Entity Injection. The library by default uses the SAXReader to parse documents without using the setFeature function in it to disable doctype and entities, allowing a malicious user to pass a document to execute an XML Injection attack...

7.3 AI score
Exploits: 0
CVE
added 1976/01/01 12:0 a.m. · 82 views

CVE-2023-45960

CVE-2023-45960 refers to a dom4j SAXReader vulnerability where improper handling of XML external entity (XXE) declarations in the setFeature function could allow a remote attacker to obtain sensitive information. Documented by IBM for InfoSphere Information Server 11.7 as affected, with remediati...

7.4 AI score
Exploits: 0
Debian CVE
added 1976/01/01 12:0 a.m. · 12 views

CVE-2023-45960

Removed by vendor...

5.1 AI score
Exploits: 0