Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2023-32635 MEDIUM

edinet-fsa xbrl_data_create < 7.0 - XML External Entity Injection via XBRL File Processing

CVE-2023-20918 CRITICAL

Android - XML External Entity Injection

CVE-2023-37942 MEDIUM

Jenkins External Monitor Job Type Plugin < 206.v9a_94ff0b_4a_10 - XML External Entity Injection

CVE-2023-37200 MEDIUM

EcoStruxure OPC UA Server Expert < 2.01 - XML External Entity Injection via Project File Replacement

CVE-2023-35786 MEDIUM

ManageEngine ADManager Plus < 7183 - Authenticated XML External Entity Injection

CVE-2023-3113 HIGH

Lenovo XClarity Administrator CIM Server - XML External Entity File Read

CVE-2023-3276 MEDIUM

Dromara hutool < 5.8.19 - XML External Entity Injection in XmlUtil.readBySax

CVE-2023-24470 CRITICAL

ArcSight Logger < 7.3.0 - XML External Entity Injection

CVE-2023-29498 MEDIUM

FRENIC RHC Loader < 1.1.0.3 - XML External Entity Injection via Project File

CVE-2023-34411 HIGH

xml-rs 0.8.9-0.8.13 - Denial of Service via Invalid XML Token Parsing

CVE-2023-32706 HIGH

Splunk < 9.0.5, 8.2.11, 8.1.14 - Unauthenticated Denial of Service via SAML XML Parser

CVE-2023-2806 MEDIUM

Weaver e-cology <9.0 - XML External Entity Reference

CVE-2023-20174 MEDIUM

Cisco Identity Services Engine - Authenticated XML External Entity Injection

CVE-2023-20173 MEDIUM

Cisco Identity Services Engine - Authenticated XML External Entity Injection

CVE-2023-2161 MEDIUM

Schneider Electric OPC Factory Server - XML External Entity Reference

CVE-2023-27554 MEDIUM

IBM WebSphere Application Server 8.5.0.0-8.5.5.23 - XML External Entity Injection

CVE-2023-27527 HIGH

Shinseiyo Sogo Soft < 7.9a - XML External Entity Injection

CVE-2023-29443 MEDIUM

ManageEngine AssetExplorer < 6989 - XML External Entity Injection via Reports Integration API

CVE-2023-28009 MEDIUM

HCL Workload Automation - XML External Entity Injection

CVE-2023-28008 HIGH

HCL Workload Automation 9.4, 9.5, and 10.1 - XML External Entity Injection

CVE-2023-26058 MEDIUM

Nokia NetAct - XML External Entity Injection via Performance Manager Page

CVE-2023-26057 MEDIUM

Nokia NetAct - XML External Entity Injection via Configuration Dashboard

CVE-2023-27652 MEDIUM

Ego Studio SuperClean 1.1.5-1.1.9 - XML External Entity Injection via Update Info Field

CVE-2023-26264 MEDIUM

Talend Data Catalog <8.0-20220907 - XXE

CVE-2023-26263 MEDIUM

Talend Data Catalog <8.0-20230110 - XXE

Previous Page 14 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy