Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2023-22377 HIGH

tsClinical Define.xml Generator <1.4.0 - XXE

CVE-2023-24187 HIGH

ureport v2.2.9 - XML External Entity Injection via Report File Upload

CVE-2023-22832 HIGH

Apache NiFi 1.2.0-1.19.1 - XML External Entity Injection in ExtractCCDAAttributes Processor

CVE-2023-24323 HIGH

mojoportal v2.7 - Authenticated XML External Entity Injection

CVE-2023-22322 MEDIUM

OMRON CX-Motion Pro <1.4.6.013 - Info Disclosure

CVE-2023-24443 CRITICAL

Jenkins TestComplete support Plugin <2.8.1 - XXE

CVE-2023-24441 CRITICAL

Jenkins MSTest Plugin < 1.0.0 - XML External Entity Injection

CVE-2023-24430 CRITICAL

Jenkins Semantic Versioning Plugin <1.14 - XXE

CVE-2023-24429 CRITICAL

Jenkins Semantic Versioning Plugin <1.14 - SSRF

CVE-2023-21862 HIGH

Oracle Fusion Middleware 12.2.1.4.0 - Unauthenticated RCE

CVE-2023-22624 HIGH

ManageEngine Exchange Reporter Plus < 5708 - XML External Entity Injection

CVE-2023-23595 HIGH

BlueCat Device Registration Portal 2.2 - XML External Entity Injection

CVE-2022-50899 MEDIUM

GeoNetwork 3.10-4.2.0 - XML External Entity Injection via PDF Rendering

CVE-2022-34832 MEDIUM

VERMEG AgileReporter 21.3 - XML External Entity Injection in Analysis Component

CVE-2022-32755 MEDIUM

IBM Security Directory Server 6.4.0 - XML External Entity Injection

CVE-2022-4245 MEDIUM

plexus-utils < 3.0.24 - XML External Entity Injection via Unsanitized Comment Handling

CVE-2022-48565 CRITICAL

Python < 3.6.13 - XML External Entity Injection in plistlib Module

CVE-2022-46751 HIGH

Apache Ivy < 2.5.2 - XML External Entity Injection via DTD Processing

CVE-2022-41221 HIGH

OpenText Archive Center Administration <21.2 - XSS

CVE-2022-45876 MEDIUM

VISAM VBASE < 11.7.5 - XML External Entity Injection

CVE-2022-38840 HIGH

Gralp MAN-EAM-0003 3.2.4 - XML External Entity Injection via XML File Upload

CVE-2022-43941 HIGH

Hitachi Vantara Pentaho Business Analytics Server <9.4.0.1-9.3.0.2 ...

CVE-2022-43473 MEDIUM

ManageEngine OpManager <12.6.168 - SSRF

CVE-2022-36969 HIGH

AVEVA Edge < 2020.2.00.40 - XML External Entity Injection via LoadImportedLibraries Method

CVE-2022-46300 MEDIUM

VISAM VBASE Automation Base <11.7.5 - Info Disclosure

Previous Page 16 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy