Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2022-45468 MEDIUM

VISAM VBASE Automation Base < 11.7.5 - XML External Entity Injection

CVE-2022-45121 MEDIUM

VISAM VBASE Automation Base < 11.7.5 - XML External Entity Injection

CVE-2022-43512 MEDIUM

VISAM VBASE Automation Base <11.7.5 - Info Disclosure

CVE-2022-41696 MEDIUM

VISAM VBASE Automation Base <11.7.5 - Info Disclosure

CVE-2022-39954 HIGH

FortiNAC 8.3.7-9.4.1 - XML External Entity Injection via Crafted XML Documents

CVE-2022-45588 HIGH

Talend Remote Engine Gen 2 < R2022-09 - Authenticated XML External Entity Injection

CVE-2022-38389 HIGH

IBM Tivoli Workload Scheduler <10.1 - XXE

CVE-2022-22486 CRITICAL

IBM Tivoli Workload Scheduler <10.1 - XXE

CVE-2022-47873 CRITICAL

Netcad KEOS 1.0 - XML External Entity Injection

CVE-2022-4818 MEDIUM

Talend Open Studio for MDM <20221220_1938 - XML External Entity Ref...

CVE-2022-41967 HIGH

Dragonfly 0.3.0-SNAPSHOT - XML External Entity Injection

CVE-2022-4607 MEDIUM

3D City Database OGC Web Feature Service <5.2.0 - XML External Enti...

CVE-2022-47514 HIGH

XML-RPC.NET <2.5.0 - XML External Entity Injection via pingback.aspx

CVE-2022-25628 HIGH

Symantec Identity Manager 14.4 - Authenticated XML External Entity Injection in Management Console

CVE-2022-37911 LOW

ArubaOS 6.5.4.0-6.5.4.21 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.5 - Authenticated XML External Entity Injection

CVE-2022-46682 CRITICAL

Jenkins Plot Plugin < 2.1.12 - XML External Entity Injection

CVE-2022-46827 LOW

JetBrains IntelliJ IDEA <2022.3 - SSRF

CVE-2022-45326 MEDIUM

Kwoksys Information Server < 2.9.5.SP31 - Authenticated XML External Entity Injection

CVE-2022-40771 MEDIUM

Zoho ManageEngine ServiceDesk Plus <= 13010 - XML External Entity Injection

CVE-2022-3980 CRITICAL

Sophos Mobile 5.0.0-9.7.4 - XML External Entity Injection

CVE-2022-20938 MEDIUM

Cisco Firepower Management Center - XML External Entity Injection via Module Import

CVE-2022-45400 CRITICAL

Jenkins JAPEX Plugin < 1.7 - XML External Entity Injection

CVE-2022-45397 CRITICAL

Jenkins OSF Builder Suite : : XML Linter Plugin < 1.0.2 - XML External Entity Injection

CVE-2022-45396 CRITICAL

Jenkins SourceMonitor Plugin < 0.2 - XML External Entity Injection

CVE-2022-45395 CRITICAL

Jenkins CCCC Plugin < 0.6 - XML External Entity Injection

Previous Page 17 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy