Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2022-2330 MEDIUM

DLP Endpoint for Windows <11.9.100 - SSRF

CVE-2022-0217 HIGH

prosody < 0.11.12 - XML External Entity Injection via libexpat Library

CVE-2022-22489 CRITICAL

IBM MQ 8.0 and 9.0-9.2 - XML External Entity Information Disclosure

CVE-2022-2838 MEDIUM

Eclipse Sphinx <0.13.1 - Info Disclosure

CVE-2022-2458 HIGH

Red Hat Process Automation Manager < 7.13.1 - XML External Entity Injection in Business Central and Kie-Server APIs

CVE-2022-1704 HIGH

Ignition 7.9.0-7.9.21 - XML External Entity Injection in Backup Restore Functionality

CVE-2022-31775 CRITICAL

IBM DataPower Gateway XML External Entity Injection

CVE-2022-2414 HIGH

Dogtag PKI - XML External Entity File Disclosure via Crafted HTTP Request

CVE-2022-27873 HIGH

Autodesk Fusion 360 < 2.0.12887 - Server-Side Request Forgery via SVG File Parsing

CVE-2022-31471 HIGH

untangle < 1.2.0 - XML External Entity Injection

CVE-2022-2131 HIGH

OpenKM < 6.3.10 - XML External Entity Injection in XMLTextExtractor

CVE-2022-32458 HIGH

Digiwin Business Process Management < 5.8.8.1 - Unauthenticated XML External Entity Injection

CVE-2022-34001 MEDIUM

Unit4 ERP < 7.9 - XML External Entity Injection via ExecuteServerProcessAsynchronously

CVE-2022-22358 HIGH

IBM Sterling Partner Engagement Manager <6.1.2, 6.2, 22.2 - XXE

CVE-2022-35741 CRITICAL

Apache CloudStack >=4.5.0 - XXE Injection

CVE-2022-35168 HIGH

SAP Business One 10.0 - Denial of Service via XML External Entity Injection

CVE-2022-34793 HIGH

Jenkins Recipe Plugin < 1.2 - XML External Entity Injection

CVE-2022-23170 MEDIUM

SysAid Okta SSO 22.1.49-22.1.63 - Unauthenticated XML External Entity Injection via SAMLRequest Parameter

CVE-2022-32285 HIGH

Mendix SAML Module < 1.16.6 - XML External Entity Injection

CVE-2022-31447 HIGH

magicpin 3.4 - XML External Entity Injection via SVG File

CVE-2022-22977 HIGH

VMware Tools 10.0.0-10.3.24 - XML External Entity Injection

CVE-2022-31261 HIGH

Morpheus < 5.2.16 and 5.4.x through 5.4.4 - XML External Entity Injection via SAML Callback

CVE-2022-29801 HIGH

Teamcenter V12.4 < V12.4.0.13 and V13.0 < V13.0.0.9 - XML External Entity Injection

CVE-2022-30971 HIGH

Jenkins Storable Configs Plugin <1.0 - XXE

CVE-2022-22774 HIGH

TIBCO Managed File Transfer Command Center and Internet Server < 8.3.2 - Unauthenticated XML External Entity Injection

Previous Page 19 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy