Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2021-23418 MEDIUM

glances < 3.2.1 - XML External Entity Injection via Fault XML Parser

CVE-2021-20399 CRITICAL

IBM QRadar SIEM 7.3-7.4.3 GA - XML External Entity Information Disclosure

CVE-2021-22523 HIGH

Micro Focus Verastream Host Integrator <7.8.1 - SSRF

CVE-2021-2401 MEDIUM

Oracle BI Publisher <12.2.1.4.0 - Info Disclosure

CVE-2021-20595 HIGH

Mitsubishi Electric Air Conditioning Systems - XML External Entity Injection

CVE-2021-32754 MEDIUM

FlowDroid < 2.9.0 - XML External Entity Injection via Source/Sink Definition File

CVE-2021-30201 HIGH

Kaseya VSA < 9.5.6 - XML External Entity Injection via KaseyaWS.asmx API

CVE-2021-32972 MEDIUM

Panasonic FPWIN Pro <7.5.1.1 - Info Disclosure

CVE-2021-21672 MEDIUM

Jenkins Selenium HTML Report Plugin <= 1.0 - XML External Entity Injection

CVE-2021-25951 HIGH

XML2Dict 0.2.2 - XML External Entity Denial of Service

CVE-2021-22338 MEDIUM

Huawei eCNS280 V100R005C00 and V100R005C10 - XML External Entity Injection

CVE-2021-29620 HIGH

ReportPortal service-api 3.1.0-5.3.9 - XML External Entity Injection via Imported XML File

CVE-2021-35066 CRITICAL

ConnectWise Automate <2021.0.6.132 - XSS

CVE-2021-28684 MEDIUM

PowerArchiver < 20.10.02 - XML External Entity Injection

CVE-2021-33813 HIGH

JDOM < 2.0.6 - XML External Entity Injection via SAXBuilder

CVE-2021-27635 MEDIUM

SAP NetWeaver AS for JAVA - Info Disclosure

CVE-2021-27492 MEDIUM

KeyShot <v10.1 - Info Disclosure

CVE-2021-20492 HIGH

IBM WebSphere Application Server <9.0 - XXE

CVE-2021-32925 MEDIUM

Chamilo 1.11.0-1.11.15 - Authenticated XML External Entity Injection in User Import

CVE-2021-22140 HIGH

Elastic App Search 7.11.0-7.11.9 - XML External Entity Injection via Web Crawler Sitemap Processing

CVE-2021-30006 HIGH

IntelliJ IDEA <2020.3.3 - Info Disclosure

CVE-2021-1530 MEDIUM

Cisco BroadWorks Messaging Server - XML External Entity Injection via XML File Upload

CVE-2021-1369 MEDIUM

Cisco Firepower Device Manager < 6.5.0.5 - Authenticated XML External Entity Injection via REST API

CVE-2021-29140 HIGH

Aruba ClearPass 6.7.0-6.7.13 - XML External Entity Injection

CVE-2021-25163 HIGH

Aruba AirWave < 8.2.12.1 - XML External Entity Injection

Previous Page 24 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy