Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2023-43624 MEDIUM

CX-Designer <= 3.740 - XML External Entity Injection via Project File

CVE-2023-45727 HIGH KEV

Proself Enterprise/Standard Edition <= 5.62, Gateway Edition <= 1.65, Mail Sanitize Edition <= 1.08 - XXE Injection

CVE-2023-36419 HIGH

Azure HDInsight - XML External Entity Injection in Apache Oozie Workflow Scheduler

CVE-2023-41365 MEDIUM

SAP Business One (B1i) -10.0 - Info Disclosure

CVE-2023-45612 HIGH

JetBrains Ktor < 2.3.5 - XML External Entity Injection via Default ContentNegotiation

CVE-2023-42445 MEDIUM

Gradle < 7.6.3 - XML External Entity Injection via Ivy XML and Maven POM Parsing

CVE-2023-42132 MEDIUM

FD Application < 9.01 - XML External Entity Injection

CVE-2023-38343 HIGH

Ivanti Endpoint Manager <2022 SU4 - XSS

CVE-2023-3892 MEDIUM

MIM Assistant/C - XML External Entity Reference

CVE-2023-41369 LOW

SAP S/4HANA 100-108 - XML External Entity Injection via Payment Attachment

CVE-2023-41933 HIGH

Jenkins Job Configuration History Plugin < 1229.v3039470161a_d - XML External Entity Injection

CVE-2023-41932 MEDIUM

Jenkins Job Configuration History Plugin < 1227.v7a_79fc4dc01f - Directory Deletion via Timestamp Query Parameter

CVE-2023-35892 HIGH

IBM Financial Transaction Manager for SWIFT Services 3.2.4 - XXE

CVE-2023-40239 HIGH

Lexmark Printers Firmware < LW80.*.P246 - XXE Injection

CVE-2023-41034 MEDIUM

Eclipse Leshan < 1.5.0 - XML External Entity Injection via DDF File Parsing

CVE-2023-24620 MEDIUM

Esoteric YamlBeans <1.15 - Info Disclosure

CVE-2023-0871 MEDIUM

OpenNMS Horizon < 32.0.2 and Meridian < 2020.1.38 - XML External Entity Injection via /rtc/post/ Endpoint

CVE-2023-3823 HIGH

PHP <8.0.30, 8.1.*<8.1.22, 8.2.*<8.2.8 - Info Disclosure

CVE-2023-32567 CRITICAL

Ivanti Avalanche < 6.4.1 - XML External Entity Injection in decodeToMap

CVE-2023-35389 MEDIUM

Microsoft Dynamics 365 9.0-9.0.47.08 - Remote Code Execution via XML External Entity Injection

CVE-2023-37497 HIGH

HCL Unica < 11.1.0.6 - Authenticated XML External Entity Injection

CVE-2023-30951 MEDIUM

Palantir Foundry Magritte REST Source - XML External Entity Injection

CVE-2023-37364 CRITICAL

WS-Inc J WBEM Server 4.0.0-4.7.4 - XML External Entity Injection in CIM-XML Protocol Adapter

CVE-2023-38490 MEDIUM

Kirby <3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, 3.9.6 - XXE

CVE-2023-32639 MEDIUM

Applicant Programme <= 7.06 - XML External Entity Injection

Previous Page 13 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy