Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2022-25209 HIGH

Jenkins Chef Sinatra Plugin < 1.20 - XML External Entity Injection

CVE-2022-21220 HIGH

Intel Quartus Prime Pro Edition < 21.3 - Authenticated XML External Entity Injection

CVE-2022-21205 HIGH

Intel Quartus Prime Pro Edition < 21.3 - XML External Entity Injection

CVE-2022-23031 MEDIUM

F5 BIG-IP Advanced WAF/ASM/FPS 14.1.0-14.1.4/15.1.0-15.1.4/16.1.0-16.1.1 - Authenticated XML External Entity Injection

CVE-2022-0219 MEDIUM

skylot/jadx <1.3.2 - XML External Entity Reference

CVE-2022-21282 MEDIUM

Oracle GraalVM Enterprise Edition 20.3.4 and 21.3.0 - Unauthenticated Data Exposure via JAXP

CVE-2022-0239 CRITICAL

Stanford CoreNLP <=4.3.2 - XML External Entity Injection

CVE-2022-0198 HIGH

Stanford CoreNLP <=4.3.2 - XML External Entity Injection

CVE-2021-22501 MEDIUM

OpenText Operations Bridge Manager - XXE

CVE-2021-1483 MEDIUM

Cisco SD-WAN vManage - Authenticated XML External Entity Injection via Crafted XML File Import

CVE-2021-3902 CRITICAL

dompdf < 2.0.0 - XML External Entity Injection via SVG Parser

CVE-2021-47621 HIGH

ClassGraph < 4.8.112 - XML External Entity Injection

CVE-2021-33950 HIGH

OpenKM 6.3.10 - XML External Entity Information Disclosure via XMLTextExtractor

CVE-2021-4311 MEDIUM

Talend Open Studio for MDM - XML External Entity Reference

CVE-2021-4295 MEDIUM

ONC code-validator-api <1.0.30 - XML External Entity Reference

CVE-2021-42537 MEDIUM

VISAM VBASE 11.6.0.6 - XML External Entity Injection

CVE-2021-41042 MEDIUM

Eclipse Lyo 1.0.0-4.1.0 - XML External Entity Injection via RDF/XML TransformerFactory

CVE-2021-40510 HIGH

OBDA systems' Mastro 1.0 - Info Disclosure

CVE-2021-45024 CRITICAL

ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 - XML External Entity Injection

CVE-2021-41411 CRITICAL

Drools < 7.60.0.Final - XML External Entity Injection in KieModuleMarshaller

CVE-2021-45981 CRITICAL

NetScout nGeniusONE 6.3.2 - XML External Entity Injection

CVE-2021-27777 HIGH

HCL Unica < 12.1.1 - XML External Entity Injection

CVE-2021-42646 CRITICAL

WSO2 API Manager/IS/Identity Server XML External Entity Injection

CVE-2021-23792 HIGH

twelvemonkeys < 3.7.1 - XML External Entity Injection via XMP Metadata Parser

CVE-2021-43990 MEDIUM

FANUC ROBOGUIDE <= 9.40083.00.05 - XML External Entity Reference

Previous Page 21 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy