CWE-611

yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document.

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files.

An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.

MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.

Maltego before 4.2.12 allows XXE attacks.

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.