Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2024-37388 CRITICAL

ebookmeta - XML External Entity Injection in get_metadata Function

CVE-2024-36827 HIGH

ebookmeta < 1.2.8 - XML External Entity Injection via get_metadata Function

CVE-2024-3969 HIGH

OpenText iManager <3.2.6.0200 - SSRF

CVE-2024-4357 MEDIUM

Progress Telerik Report Server < 10.1.24.514 - XML External Entity Injection

CVE-2024-3486 HIGH

OpenText iManager 3.2.6.0200 - XML External Entity Injection

CVE-2024-30043 MEDIUM

Microsoft SharePoint Server - Info Disclosure

CVE-2024-34345 HIGH

CycloneDX JavaScript Library 6.7.0 - XML External Entity Injection via XML Validator

CVE-2024-29010 HIGH

SonicWall GMS <= 9.3.4 - XML External Entity Injection via ECM URL Endpoint

CVE-2024-22354 HIGH

IBM WebSphere Application Server <24.0.0.5 - XXE

CVE-2024-21082 CRITICAL

Oracle BI Publisher 7.0.0.0.0 and 12.2.1.4.0 - Unauthenticated XML External Entity Injection via XML Services

CVE-2024-21048 MEDIUM

Oracle Web Applications Desktop Integrator 12.2.3-12.2.13 - XML External Entity Injection in XML Input

CVE-2024-25971 MEDIUM

Dell PowerProtect Data Manager < 19.16 - XML External Entity Injection

CVE-2024-31139 MEDIUM

JetBrains TeamCity < 2024.03 - XML External Entity Injection in Maven Build Steps Detector

CVE-2024-2826 MEDIUM

lakernote easyadmin < 2024-03-15 - XML External Entity Injection via /ureport/designer/saveReportFile

CVE-2024-28039 MEDIUM

FitNesse - XML External Entity Injection

CVE-2024-27266 HIGH

IBM Maximo Application Suite 7.6.1.3 - XXE

CVE-2024-28198 MEDIUM

OpenOlat < 18.1.6 - XML External Entity Injection in draw.io Endpoint

CVE-2024-25129 LOW

CodeQL CLI < 2.16.3 - XML External Entity Injection via Auxiliary File Processing

CVE-2024-25606 HIGH

Liferay Portal <7.4.3.7 & DXP <7.4 - Info Disclosure

CVE-2024-22024 HIGH

Ivanti Connect Secure - XXE

CVE-2024-24743 HIGH

SAP NetWeaver AS Java 7.50 - Unauthenticated XML External Entity Injection

CVE-2024-1167 MEDIUM

SEW-EURODRIVE MOVITOOLS MotionStudio - Info Disclosure

CVE-2024-22380 MEDIUM

Electronic Delivery Check System - XXE

CVE-2024-21796 MEDIUM

Electronic Deliverables Creation Support Tool < 1.0.4 - XML External Entity Injection

CVE-2024-21765 MEDIUM

Cals-ed Electronic Delivery Check System < 11.0.0 - XXE

Previous Page 10 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy