Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2022-28890 CRITICAL

Apache Jena <4.4.0 - Info Disclosure

CVE-2022-29943 MEDIUM

Talend Administration Center - Authenticated XML External Entity Injection

CVE-2022-20780 CRITICAL

Cisco Enterprise NFV Infrastructure Software < 4.7.1 - Unauthenticated Command Injection and Data Leak

CVE-2022-1331 MEDIUM

DMARS < 2.1.10.24 - XML External Entity Injection in Project File Processing

CVE-2022-21949 HIGH

SUSE Open Build Service <2.10.13 - Info Disclosure

CVE-2022-29265 HIGH

Apache NiFi 0.0.1-1.16.0 - XML External Entity Injection in Standard Content Viewer and Processors

CVE-2022-24449 CRITICAL

Solar appScreener <= 3.10.4 - XML External Entity Injection and Server-Side Request Forgery via Crafted XML Document

CVE-2022-24898 MEDIUM

XWiki Commons 2.7-12.10.9, 13.0-13.4.3, 13.5-13.7.9 - XML External Entity Injection via XML Script Service

CVE-2022-0272 CRITICAL

detekt < 1.20.0 - XML External Entity Injection

CVE-2022-0221 MEDIUM

SCADAPack Workbench <6.6.8a - Info Disclosure

CVE-2022-28219 CRITICAL

ManageEngine ADAudit Plus CVE-2022-28219

CVE-2022-1018 MEDIUM

Rockwell Automation Connected Components Workbench < 12.0 - XML External Entity Injection via Malicious Solution File

CVE-2022-28155 HIGH

Jenkins Pipeline: Phoenix AutoTest Plugin < 1.3 - XML External Entity Injection

CVE-2022-28154 HIGH

Jenkins Coverage/Complexity Scatter Plot Plugin < 1.1.1 - XML External Entity Injection

CVE-2022-28140 HIGH

Jenkins Flaky Test Handler Plugin < 1.2.1 - XML External Entity Injection

CVE-2022-0861 LOW

McAfee ePolicy Orchestrator < 5.10.0 - Authenticated XML External Entity Injection via Extension Import

CVE-2022-27193 MEDIUM

CVRF-CSAF-Converter < 1.0.0-rc2 - XML External Entity Injection

CVE-2022-26661 MEDIUM

Tryton Application Platform <6.2.5-6.2.1 - XXE

CVE-2022-22835 MEDIUM

OverIT Geocall < 8.0 - Authenticated XML External Entity Injection via Test Trasformazione XSL

CVE-2022-22795 MEDIUM

Signiant Manager+Agents - XML External Entity Injection

CVE-2022-25312 CRITICAL

Apache Any23 < 2.7 - XML External Entity Injection in RDFa XSLTStylesheet Extractor

CVE-2022-0839 CRITICAL

liquibase < 4.8.0 - XML External Entity Injection

CVE-2022-0265 CRITICAL

GitHub hazelcast/hazelcast <5.1-BETA-1 - SSRF

CVE-2022-23640 CRITICAL

excel_streaming_reader < 2.1.0 - XML External Entity Injection

CVE-2022-24340 CRITICAL

JetBrains TeamCity <2021.2.1 - Info Disclosure

Previous Page 20 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy