19641 matches found
CVE-2023-32639
CVE-2023-32639 affects the Ministry of Justice’s Applicant Programme, specifically versions 7.06 and earlier. The root cause is improper restriction of XML External Entity (XXE) references, allowing processing of a crafted XML file to read arbitrary files on the system. Impact is high confident...
Cross Site Scripting (XSS)
GitLab is vulnerable to Cross-site Scripting (XSS). The vulnerability occurs when viewing an XML file in the repository in 'raw' mode, which could be rendered as HTML in certain conditions, allowing an authenticated attacker to inject and execute malicious JavaScript in the victim's browser...
ABB FlowX v4.00 - Exposure of Sensitive Information
Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information Date: 2023-03-31 Exploit Author: Paul Smith Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series Version: ABB Flow-X all versions before V4.00 Tested on: Kali Linux CVE:...
Security Bulletin: IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554)
Summary IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability. This has been addressed in the remediation section. Vulnerability Details CVEID: CVE-2023-27554 DESCRIPTION: IBM WebSphere Application Server is vulnerable to an XML External Entity...
JVN#44726469: Improper restriction of XML external entity references (XXE) in XBRL data create application
XBRL data create application provided by Financial Services Agency improperly restricts XML external entity references (XXE) (CWE-611). Impact: By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker. Solution: Update the Software. Update the software to the...
Security advisory: QXmlStreamReader
A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE id CVE-2023-38197. QXmlStreamReader can freeze or get out of memory on recursive entity expansion, with DTD tokens in XML body. Solution: Apply the attached patch or update to Qt 5.15.15, Qt 6.2.10, ...
GHSA-G4C3-4F3V-84X8 Jenkins External Monitor Job Type Plugin XML external entity vulnerability
Jenkins External Monitor Job Type Plugin 206.v9a94ff0b4a10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Item/Build permission to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extracti...
Jenkins External Monitor Job Type Plugin XML external entity vulnerability
Jenkins External Monitor Job Type Plugin 206.v9a94ff0b4a10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Item/Build permission to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extracti...
CVE-2023-37942
Jenkins External Monitor Job Type Plugin 206.v9a94ff0b4a10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins External Monitor Job Type Plugin 206.v9a94ff0b4a10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Updated keepass packages fix security vulnerability
Allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Disputed by vendor due to level of access required. CVE-2023-24055 Possible to recover the cleartext master password from a memory dump, even when a workspace is...
GHSA-WF8M-QR47-XC9M Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control Project File (APX) contents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the...
Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control Project File (APX) contents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the...
The case against self-closing tags in HTML
Let's talk about /: You'll see this syntax on my blog because it's what Prettier does, and I really like Prettier. However, I don't think / is a good thing. First up: The facts Enter XHTML Back in the late 90s and early 2000s, the W3C had a real thing for XML, and thought that it should replace...
XML External Entity (XXE) Injection
py-xml is vulnerable to XML External Entity (XXE) Injection. The vulnerability exists because the library does not properly sanitize external DTDs by default, which allows an attacker to inject and execute maliciously crafted XML documents...
Security Bulletin: Multiple vulnerabilities affect the IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit
Summary The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable, as per the CVEs listed in the Vulnerability Details section. These vulnerabilities affect some development tasks in the product toolkit. CVE-2022-29599 and CVE-2020-10683 only affect Test and Java...
requests-xml XML External Entity Injection vulnerability
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2020-26708
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file...