An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious f
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the file
An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET
An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious l
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication. In some configurations, this may allow remote users to submit jobs, or local users t
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service con
We found a vulnerability Improper Restriction of XML External Entity Reference (CWE-611) in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a
An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy) platform within the `/resources/sessions/sso` endpoint. The SAML authentication handler processes XML inp
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling extern
A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity referen
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal o
Improper Restriction of XML External Entity Reference vulnerability in OpenText™ Operations Bridge Manager allows Input Data Manipulation.
The vulnerability could be exploited to confidential inform
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML p
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS.
It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attack
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could
cause information disclosure, impacts workstation integrity and potential remote code execution on the
co
A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the
A
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could
cause manipulation of SOAP API calls and XML external entities injection resulting in unauthoriz
Page 1+ Next →