• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-611

CVE-2019-11519

February 26, 2023 by

Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the “Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file” screen.

CVE-2019-11392

February 26, 2023 by

BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.

CVE-2019-11216

February 26, 2023 by

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed.

CVE-2019-10976

February 26, 2023 by

Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files.

CVE-2019-10782

February 26, 2023 by

All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.

CVE-2019-10718

February 26, 2023 by

BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 62
  • Go to page 63
  • Go to page 64
  • Go to page 65
  • Go to page 66
  • Interim pages omitted …
  • Go to page 107
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE