Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2024-23525 MEDIUM

Spreadsheet::ParseXLSX < 0.30 - XML External Entity Injection via XML::Twig Parser

CVE-2023-42346 HIGH

Alkacon OpenCms < 16 - XML External Entity Injection

CVE-2023-42344 HIGH

Alkacon OpenCms <10.5.1 - Info Disclosure

CVE-2023-7307 HIGH

Sangfor Behavior Management System - XXE Injection

CVE-2023-38693 CRITICAL

Lucee < 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, 5.3.9.173 - Remote Code Execution via XML External Entity Injection

CVE-2023-47160 HIGH

IBM Cognos Controller 11.0.0-11.0.1 FP3 and IBM Controller 11.1.0 - XML External Entity Injection

CVE-2023-24466 HIGH

OpenText iManager <3.2.6.0200 - XSS

CVE-2023-37233 HIGH

Loftware Spectrum < 4.6_hf14 - Authenticated XML External Entity Injection

CVE-2023-48362 HIGH

Apache Drill 1.19.0-1.21.1 - XML External Entity Injection in XML Format Plugin

CVE-2023-50304 HIGH

IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 - XML External Entity Injection

CVE-2023-49110 HIGH

Kiuwan - XML External Entity Injection

CVE-2023-45192 HIGH

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 - XML External Entity Injection

CVE-2023-51605 MEDIUM

Honeywell Saia PG5 Controls Suite - Info Disclosure

CVE-2023-51604 MEDIUM

Honeywell Saia PG5 Controls Suite - Info Disclosure

CVE-2023-51602 MEDIUM

Honeywell Saia PG5 Controls Suite - Info Disclosure

CVE-2023-51601 MEDIUM

Honeywell Saia PG5 Controls Suite - Info Disclosure

CVE-2023-51600 MEDIUM

Honeywell Saia PG5 Controls Suite - Info Disclosure

CVE-2023-51591 HIGH

Voltronic Power ViewPower Pro - Info Disclosure

CVE-2023-44412 HIGH

D-Link D-View 8 - Unauthenticated XML External Entity Injection in addDv7Probe

CVE-2023-42035 MEDIUM

Visualware MyConnection Server - XML External Entity Injection via doIForward Method

CVE-2023-40507 HIGH

LG Simple Editor - XML External Entity Injection via copyContent Command

CVE-2023-40506 HIGH

LG Simple Editor - XML External Entity Injection via copyContent Command

CVE-2023-40503 HIGH

LG Simple Editor - XML External Entity Injection via saveXmlFile Method

CVE-2023-39472 MEDIUM

Inductive Automation Ignition 8.1.0-8.1.31 - Authenticated XML External Entity Injection in SimpleXMLReader

CVE-2023-49234 MEDIUM

Stilog Visual Planning 8 - Authenticated XML External Entity Injection

Previous Page 11 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy