Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2023-50168 HIGH

Pega Platform < 8.8.5 - XML External Entity Injection via PDF Generation

CVE-2023-25926 MEDIUM

IBM Security Guardium Key Lifecycle Manager 3.0-4.1.1 - XML External Entity Injection

CVE-2023-50380 MEDIUM

Apache Ambari <= 2.7.7 - XML External Entity Injection

CVE-2023-52239 MEDIUM

Magic xpi Integration Platform 4.13.4 - XML External Entity Injection via onItemImport

CVE-2023-32327 HIGH

IBM Security Verify Access 10.0.0.0-10.0.6.1 - XML External Entity Injection

CVE-2023-4554 MEDIUM

OpenText AppBuilder 21.2-23.2 - Authenticated XML External Entity Injection

CVE-2023-45139 HIGH

fonttools 4.28.2-4.42.9 - XML External Entity Injection via SVG Table Parsing

CVE-2023-6149 MEDIUM

Qualys Jenkins Plugin for WAS <2.0.11 - SSRF

CVE-2023-6147 MEDIUM

Qualys Jenkins Plugin <1.0.5 - SSRF

CVE-2023-26999 CRITICAL

NetScout nGeniusOne <6.3.4 - RCE, DoS

CVE-2023-52252 CRITICAL

Unified Remote 3.13.0 - Remote Code Execution via Remote Upload Endpoint

CVE-2023-46265 CRITICAL

Ivanti Avalanche Smart Device Server - XML External Entity Request Forgery

CVE-2023-6280 HIGH

52north WPS < 4.0.0-beta.11 - XML External Entity Injection via WebProcessingService Servlet

CVE-2023-6836 MEDIUM

WSO2 API Manager < 3.0.0 - XML External Entity Injection

CVE-2023-6721 HIGH

Repox - XML External Entity Injection in File Upload Function

CVE-2023-6194 LOW

Eclipse Memory Analyzer <1.14.0 - Info Disclosure

CVE-2023-49733 CRITICAL

Apache Cocoon 2.2.0-2.2.9 - XML External Entity Injection

CVE-2023-49656 CRITICAL

Jenkins MATLAB Plugin < 2.11.1 - XML External Entity Injection

CVE-2023-22274 HIGH

Adobe RoboHelp Server <11.4 - Info Disclosure

CVE-2023-46590 HIGH

Siemens OPC UA Modelling Editor - XXE Injection

CVE-2023-4218 MEDIUM

Eclipse IDE < 4.29 - XML External Entity Injection via Project File Parsing

CVE-2023-5136 MEDIUM

TopoGrafix DataPlugin - Info Disclosure

CVE-2023-46802 MEDIUM

e-Tax Software <=3.0.10 - XML External Entity File Disclosure

CVE-2023-46502 CRITICAL

openCRX < 5.3.0 - XML External Entity Injection via Insecure DocumentBuilderFactory

CVE-2023-43067 MEDIUM

Dell Unity <5.3 - XML External Entity Injection

Previous Page 12 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy