CVE-2024-50442

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-611
View all →

Vulnerability Description

Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through 1.3.980.

Related Vulnerabilities

CVE-2018-17186

HIGH
CVSS:7.2(High)

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.

CWE-6112018

CVE-2019-10264

HIGH
CVSS:7.2(High)

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP...

CWE-6112019

CVE-2020-15352

HIGH
CVSS:7.2(High)

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forge...

CWE-6112020

CVE-2021-21517

HIGH
CVSS:7.2(High)

SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A rem...

CWE-6112021

CVE-2021-22158

HIGH
CVSS:7.2(High)

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges an...

CWE-6112021

CVE-2021-33208

HIGH
CVSS:7.2(High)

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.

CWE-6112021