Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2021-20801 MEDIUM

Cybozu Remote Service 3.1.8-3.1.9 - Authenticated XML External Entity Injection

CVE-2021-35496 HIGH

TIBCO JasperReports Server - Path Traversal

CVE-2021-40500 HIGH

SAP BusinessObjects Business Intelligence Platform 420 430 - Unauthenticated XML External Entity Injection

CVE-2021-3312 MEDIUM

Alkacon OpenCms 11.0-11.0.2 - Authenticated XML External Entity Injection via SVG Upload

CVE-2021-38298 CRITICAL

Zoho ManageEngine ADManager Plus <7110 - Blind XSS

CVE-2021-40439 MEDIUM

Apache OpenOffice < 4.1.10 - XML External Entity Injection via Crafted ODF Files

CVE-2021-41770 HIGH

PingFederate < 10.3.1 - XML External Entity Injection via Pre-Parsing Validation

CVE-2021-34706 MEDIUM

Cisco Identity Services Engine - XML External Entity Injection via Crafted XML File Upload

CVE-2021-35201 MEDIUM

NETSCOUT nGeniusONE 6.3.0 build 1196 - XML External Entity Injection

CVE-2021-41098 HIGH

Nokogiri < 1.12.5 - XML External Entity Injection in SAX Parser on JRuby

CVE-2021-29831 HIGH

IBM Jazz for Service Management 1.1.3.10 and Tivoli Netcool/OMNIbus_GUI - XML External Entity Injection

CVE-2021-39239 HIGH

Apache Jena < 4.1.0 - XML External Entity Injection

CVE-2021-30137 HIGH

Assyst 10 SP7.5 - Authenticated XSS

CVE-2021-40356 HIGH

Teamcenter 12.4-13.2 - XML External Entity File Disclosure

CVE-2021-38555 CRITICAL

Apache Any23 < 2.5 - XML External Entity Injection in StreamUtils.java

CVE-2021-3055 MEDIUM

Palo Alto Networks PAN-OS <8.1 - RCE, DoS

CVE-2021-34436 CRITICAL

Eclipse Theia 0.1.1-0.2.0 - Remote Code Execution and XML External Entity Injection via theia-xml-extension

CVE-2021-21680 HIGH

Jenkins Nested View Plugin < 1.20 - XML External Entity Injection

CVE-2021-39371 HIGH

Osgeo Owslib < 4.4.5 - XXE

CVE-2021-34823 CRITICAL

ON24 ScreenShare < 2.0 - Unauthenticated XML External Entity Injection via HTTP Server

CVE-2021-27741 CRITICAL

HCL Commerce Management Center - XXE Injection

CVE-2021-38584 HIGH

cPanel < 98.0.1 - XML External Entity Injection in WHM Locale Upload Feature

CVE-2021-37425 CRITICAL

Altova MobileTogether Server < 7.3 SP1 - XML External Entity Injection via Workflow Management Endpoint

CVE-2021-37178 MEDIUM

Solid Edge SE2021 < SE2021MP7 - XML External Entity Injection via XML Parser

CVE-2021-1630 HIGH

Mule 3.0.0-4.2.9 - XML External Entity Injection

Previous Page 23 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy