CVE-2023-49234

MEDIUM Year: 2023
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authenticated attacker to access local server files and exfiltrate data to an external server.

Related Vulnerabilities

CVE-2017-18438

MEDIUM
CVSS:6.3(Medium)

cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).

CWE-6112017

CVE-2024-2826

MEDIUM
CVSS:6.3(Medium)

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads ...

CWE-6112024

CVE-2024-49535

MEDIUM
CVSS:6.3(Medium)

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability ...

CWE-6112024

CVE-2015-7968

MEDIUM
CVSS:6.4(Medium)

nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.

CWE-6112015

CVE-2017-16349

MEDIUM
CVSS:6.4(Medium)

An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in infor...

CWE-6112017