CVE-2024-12476

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-611
View all →

Vulnerability Description

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool.

Related Vulnerabilities

CVE-2014-5238

HIGH
CVSS:7.8(High)

XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impa...

CWE-6112014

CVE-2016-15026

HIGH
CVSS:7.8(High)

A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An atta...

CWE-6112016

CVE-2016-4434

HIGH
CVSS:7.8(High)

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spread...

CWE-6112016

CVE-2016-5002

HIGH
CVSS:7.8(High)

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks vi...

CWE-6112016

CVE-2016-9487

HIGH
CVSS:7.8(High)

EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit t...

CWE-6112016

CVE-2017-1000498

HIGH
CVSS:7.8(High)

AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution

CWE-6112017