Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2022-45386 MEDIUM

Jenkins Violations Plugin < 0.7.11 - XML External Entity Injection

CVE-2022-43689 MEDIUM

Concrete CMS <8.5.10, 9.0.0-9.1.2 - Info Disclosure

CVE-2022-45194 LOW

CBRN-Analysis < 22 - XML External Entity Injection via mws XML Document

CVE-2022-43570 HIGH

Splunk Enterprise <8.1.12-9.0.2 - XML External Entity Injection

CVE-2022-3340 MEDIUM

Trellix IPS Manager < 10.1 Authenticated XXE via Configuration Import

CVE-2022-42745 HIGH

CandidATS 3.0.0 - XML External Entity Injection

CVE-2022-40747 CRITICAL

IBM InfoSphere Information Server 11.7 - XML External Entity Injection

CVE-2022-31678 CRITICAL

VMware Cloud Foundation < 3.11 and NSX Data Center < 6.4.14 - XML External Entity Injection

CVE-2022-43430 HIGH

Jenkins Compuware Topaz for Total Test Plugin <2.4.8 - XXE

CVE-2022-43415 HIGH

Jenkins REPO Plugin < 1.16.0 - XML External Entity Injection

CVE-2022-3338 MEDIUM

Trellix ePolicy Orchestrator <5.10 Update 14 - XXE to Server-Side Request Forgery

CVE-2022-42341 HIGH

Adobe ColdFusion Update 14 and earlier - XML External Entity Injection

CVE-2022-38419 HIGH

Adobe ColdFusion Update 14 and earlier - XML External Entity Injection

CVE-2022-42307 MEDIUM

Veritas NetBackup < 10.0.0.1 - XML External Entity Injection via DiscoveryService

CVE-2022-42301 MEDIUM

Veritas NetBackup < 10.0.0.1 - XML External Entity Injection via nbars Process

CVE-2022-34348 HIGH

IBM Sterling Partner Engagement Manager 2.0-6.1.2.6 - XML External Entity Injection

CVE-2022-40705 HIGH

Apache SOAP >= 2.2 - XML External Entity Injection in RPCRouterServlet

CVE-2022-41241 CRITICAL

Jenkins RQM Plugin < 2.8 - XML External Entity Injection

CVE-2022-41226 CRITICAL

Jenkins Compuware Common Configuration Plugin <1.0.14 - XXE

CVE-2022-38342 HIGH

Safe Software FME Server <2022.0.0.2 - SSRF

CVE-2022-1700 HIGH

Forcepoint Policy Engine - XML External Entity Injection via Improper Parser Configuration

CVE-2022-39135 CRITICAL

Apache Calcite 1.22.0-1.31.0 - XML External Entity Injection via SQL Operators

CVE-2022-37189 HIGH

DDMAL MEI2Volpiano < 0.8.2 - XML External Entity Injection via xml.etree Library

CVE-2022-36773 HIGH

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 - XML External Entity Injection

CVE-2022-2759 MEDIUM

Delta Robot Automation Studio < 1.13.20 - XML External Entity Injection

Previous Page 18 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy