Description
XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097124
Scores
CVSS v3
7.5
EPSS
0.0077
EPSS Percentile
50.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-611
CWE-91
Status
published
Products (1)
hcltech/unica
< 12.1.1
Published
May 12, 2022
Tracked Since
Feb 18, 2026