• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-611

CVE-2022-25312

February 23, 2023 by godfreyd94

An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7.

CVE-2022-25209

February 23, 2023 by godfreyd94

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2022-24898

February 23, 2023 by godfreyd94

org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessing to the user running XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.

CVE-2022-24449

February 23, 2023 by godfreyd94

Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document.

CVE-2022-24340

February 23, 2023 by

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

CVE-2022-2414

February 23, 2023 by

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 98
  • Go to page 99
  • Go to page 100
  • Go to page 101
  • Go to page 102
  • Interim pages omitted …
  • Go to page 107
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE