Xmllanguageserverproject Xml Server Project

In 2024 there have been 0 vulnerabilities in Xmllanguageserverproject Xml Server Project . Xml Server Project did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	0	0.00
2022	0	0.00
2021	0	0.00
2020	0	0.00
2019	2	7.65
2018	0	0.00

It may take a day or so for new Xml Server Project vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Xmllanguageserverproject Xml Server Project Security Vulnerabilities

XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products

CVE-2019-18212 6.5 - Medium - October 23, 2019

XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.

Directory traversal

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation

CVE-2019-18213 8.8 - High - October 23, 2019

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.

aka Blind XPath Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Xmllanguageserverproject Xml Server Project or by Xmllanguageserverproject? Click the Watch button to subscribe.

Xmllanguageserverproject
Vendor

Xmllanguageserverproject Xml Server Project
Product

By the Year

Recent Xmllanguageserverproject Xml Server Project Security Vulnerabilities

XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products CVE-2019-18212 6.5 - Medium - October 23, 2019

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation CVE-2019-18213 8.8 - High - October 23, 2019

Stay on top of Security Vulnerabilities

Xmllanguageserverproject Vendor

Xmllanguageserverproject Xml Server ProjectProduct

XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products

CVE-2019-18212 6.5 - Medium - October 23, 2019

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation

CVE-2019-18213 8.8 - High - October 23, 2019

Xmllanguageserverproject
Vendor

Xmllanguageserverproject Xml Server Project
Product