Vulnerability Category
— XML Injection
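Chinese name: XML 注入
Detail: When the server parses an XML file submitted by a user, it does not properly handle the external entities referenced by that file, and entity URLs support protocols such as file:// and php://. An attacker can declare an entity in the XML file whose URI points to a resource local to the server, resulting in an attack.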
Related Vulnerabilities

| SSV ID | Submit Time | Level | Name | Status | Popularity | Comments |
|---|---|---|---|---|---|---|
| SSV-99792 | 2023-12-18 | | SAP BusinessObjects Intelligence 4.3 XXE Vulnerability (CVE-2022-28213) | | 6924 | 0 |
| SSV-99720 | 2023-07-13 | | Weaver OA e-cology XXE Vulnerability | | 4214 | 0 |
| SSV-99635 | 2023-01-22 | | ManageEngine Multiple Products Remote Command Execution Vulnerability (CVE-2022-47966) | | 10103 | 1 |
| SSV-99543 | 2022-07-14 | | Zoho ManageEngine ADAudit Plus Unauthorized RCE Vulnerability (CVE-2022-28219) | | 3429 | 0 |
| SSV-99508 | 2022-05-11 | | ArcGIS Enterprise Portal for ArcGIS Component XXE Vulnerability | | 2380 | 0 |
| SSV-99413 | 2021-12-15 | | DedeCMS XML Injection Vulnerability (CVE-2018-16784) | | 1713 | 0 |
| SSV-99235 | 2021-04-28 | | WordPress 5.7 Authorized XXE Vulnerability (CVE-2021-29447) | | 10327 | 0 |
| SSV-99113 | 2021-01-26 | | WebSphere XML External Entity Injection Vulnerability (CVE-2020-4949) | | 7607 | 0 |
| SSV-99074 | 2020-12-16 | | Nexus Repository Manager 3 XML External Entity Injection Vulnerability (CVE-2020-29436) | | 9814 | 0 |
| SSV-99065 | 2020-12-09 | | IBM Maximo Asset Management XXE Vulnerability (CVE-2020-4463) | | 11136 | 0 |
| SSV-98386 | 2020-09-22 | | Apache Cocoon XML External Entity Injection (CVE-2020-11991) | | 10675 | 0 |
| SSV-98382 | 2020-09-22 | | WebSphere XXE Vulnerability (CVE-2020-4643) | | 11064 | 0 |
| SSV-98209 | 2020-04-15 | | WebLogic XXE Arbitrary File Read Vulnerability (CVE-2020-2949) | | 10785 | 0 |
| SSV-98087 | 2019-10-16 | | WebLogic Unauthorized XXE Vulnerability (CVE-2019-2888) | | 9684 | 0 |
| SSV-97933 | 2019-05-08 | | Jenkins Swarm Plugin XML external entities information disclosure vulnerability (CVE-2019-10309) | | 4269 | 0 |
| SSV-97921 | 2019-04-22 | | WebLogic CVE-2019-2647 and Related XXE Vulnerabilities | | 6022 | 0 |
| SSV-97890 | 2019-03-31 | | phpshe v1.7 XXE Vulnerability | | 5668 | 0 |
| SSV-97760 | 2019-01-07 | | Apache Karaf XXE Vulnerability (CVE-2018-11788) | | 4406 | 0 |
| SSV-97632 | 2018-10-29 | | WebLogic Web Service Test Page XXE (CVE-2018-3246) | | 5687 | 0 |
| SSV-97610 | 2018-10-16 | | Apache OFBiz XXE Vulnerability | | 4925 | 0 |
| SSV-97543 | 2018-09-20 | | JavaMelody Component XXE Vulnerability | | 4518 | 0 |
| SSV-97397 | 2018-07-04 | | XXE in WeChat Pay SDK | | 3996 | 0 |
| SSV-97382 | 2018-06-29 | | KYOCERA Multi-Set Template Editor 3.4 Out-Of-Band XML External Entity Injection | | 3438 | 0 |
| SSV-97138 | 2018-02-24 | | XXE Zeroday Vulnerability in HP PPM | | 1364 | 0 |
| SSV-97124 | 2018-02-02 | | Oracle Financial Services Analytical Applications 7.3.5.x / 8.0.x XXE Injection (CVE-2018-2660) / XSS (CVE-2018-2661) | | 1882 | 0 |
| SSV-96970 | 2017-12-11 | | Cimetrics BACnet Explorer 4.0 XXE Vulnerability | | 1182 | 0 |
| SSV-96838 | 2017-11-09 | | Shopware 5.3.3: PHP Object Instantiation to Blind XXE | | 1407 | 0 |
| SSV-96596 | 2017-09-28 | | Apache Commons Jelly connects to url with certain custom doctype definitions. | | 2091 | 0 |
| SSV-96466 | 2017-09-13 | | Open Fire User Import Export Plugin XML External Entity Injection (CVE-2017-2815) | | 1479 | 0 |
| SSV-93122 | 2017-05-22 | | openEAP Unified Login Portal System Generic XXE Vulnerability | | 3560 | 1 |
| SSV-93114 | 2017-05-18 | | Oracle PeopleSoft Remote Code Execution: Blind XXE to SYSTEM Shell | | 1640 | 0 |
| SSV-93095 | 2017-05-11 | | Oracle PeopleSoft HCM 9.2 XXE Injection | | 1650 | 0 |
| SSV-92916 | 2017-04-06 | | AMF3 Java implementations Improper Restriction of XML External Entity Reference ('XXE') | | 1492 | 0 |
| SSV-92552 | 2016-11-23 | | SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection Vulnerability | | 6385 | 0 |
| SSV-92397 | 2016-09-09 | | Adobe ColdFusion < 11 Update 10 - XML External Entity Injection | | 5625 | 0 |
| SSV-92048 | 2016-07-07 | | Apple Safari for Mac OS X Local XXE Vulnerability | | 5775 | 0 |
| SSV-91844 | 2016-06-15 | | Data format extension for Jackson XmlMapper XML External Entity Vulnerability | | 3807 | 0 |
| SSV-91691 | 2016-05-30 | | AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection | | 4132 | 0 |
| SSV-91604 | 2016-05-20 | | TurboMail XML Entity Injection Vulnerability | | 4179 | 0 |
| SSV-91444 | 2016-05-04 | | Wanhu OA xfire XML Entity Injection Vulnerability | | 4641 | 0 |
| SSV-91387 | 2016-04-26 | | TRS WCM System eg_newuser_dowith.jsp XXE Vulnerability | | 2445 | 0 |
| SSV-91057 | 2016-03-16 | | mallbuilder Multi-User Mall System v5.8.1.1 /api/wechat.php XML Injection Vulnerability | | 1748 | 0 |
| SSV-90736 | 2016-02-15 | | yonyou OA soapFormat.ajax Parameter msg XXE Vulnerability | | 2317 | 0 |
| SSV-90629 | 2016-01-26 | | TRS WCM parseXMLFile() Function XXE Vulnerability | | 2426 | 0 |
| SSV-90236 | 2016-01-08 | | Z-BLOG Blind-XXE Leading to Arbitrary File Read | | 2490 | 0 |
| SSV-89958 | 2015-11-30 | | Yonyou hrss/dorado/smartweb2.RPC.d Page XXE Vulnerability | | 3364 | 0 |
| SSV-89428 | 2015-09-15 | | WukongCRM 0.5.1 /App/Lib/Action/WeixinAction.class.php XXE Vulnerability | | 1525 | 3 |
| SSV-88762 | 2014-08-12 | | SOAPpy 0.12.5 /Parser.py XML Injection Vulnerability | | 2156 | 0 |