Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2023-28828 MEDIUM

Polarion ALM < V22R2 - XML External Entity Injection

CVE-2023-25955 MEDIUM

National Land Numerical Information Data Conversion Tool - XML External Entity Injection

CVE-2023-28340 MEDIUM

Zoho ManageEngine Applications Manager <= 16320 - Authenticated XML External Entity Injection

CVE-2023-27876 HIGH

IBM TRIRIGA 4.0 - XML External Entity Injection

CVE-2023-20030 MEDIUM

Cisco Identity Services Engine < 3.2 - Authenticated XML External Entity Injection via XML File Upload

CVE-2023-28684 MEDIUM

Jenkins remote-jobs-view-plugin <0.0.3 - XXE

CVE-2023-28683 HIGH

Jenkins Phabricator Differential Plugin <2.1.5 - XXE

CVE-2023-28682 HIGH

Jenkins Performance Publisher Plugin <8.09 - XXE

CVE-2023-28681 HIGH

Jenkins Visual Studio Code Metrics Plugin <1.7 - XXE

CVE-2023-28680 HIGH

Jenkins Crap4J Plugin < 0.9 - XML External Entity Injection

CVE-2023-28150 MEDIUM

Independentsoft JODF < 1.1.110 - XML External Entity Injection via Remote DTD in DOCX File

CVE-2023-28151 MEDIUM

Independentsoft JSpreadsheet < 1.1.110 - XML External Entity Injection via DOCX File Processing

CVE-2023-28152 MEDIUM

Independentsoft JWord < 1.1.110 - XML External Entity Injection via DOCX File

CVE-2023-28685 HIGH

Jenkins AbsInt a³ Plugin <1.1.0 - XXE

CVE-2023-27874 CRITICAL

IBM Aspera Faspex 4.4.2 - Authenticated XML External Entity Injection

CVE-2023-26461 MEDIUM

SAP NetWeaver 7.50 - Info Disclosure

CVE-2023-1288 MEDIUM

ENOVIA Live Collaboration >= V6R2013xE < V6R2013xE_FP.CFA.2240 - XML External Entity Injection

CVE-2023-27476 HIGH

OWSLib < 0.28.1 - XML External Entity Injection via Unsafe XML Parser

CVE-2023-27480 HIGH

XWiki Platform < 13.10.11 - XML External Entity Injection via XAR Import

CVE-2023-20052 MEDIUM

ClamAV <1.0.0 - Info Disclosure

CVE-2023-26043 MEDIUM

GeoNode < 4.0.3 - XML External Entity Injection via Style Upload

CVE-2023-24189 CRITICAL

urule 2.1.7 - XML External Entity Injection via /urule/common/saveFile

CVE-2023-20855 HIGH

VMware vRealize Automation and Orchestrator 8.0-8.11.0 - XML External Entity Injection

CVE-2023-26267 MEDIUM

php-saml-sp <2.1.1 - Info Disclosure

CVE-2023-23926 MEDIUM

APOC <5.5.0, 4.4.0.14 - XSS

Previous Page 15 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy