Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2025-52162 MEDIUM

Agorum core open 11.9.2 & 11.10.1 - XML External Entity Injection via RSSReader Endpoint

CVE-2025-53621 MEDIUM

DSpace < 7.6.4, 8.0-8.2, 9.0-9.1 - XML External Entity Injection in Archive Import and External Service Responses

CVE-2025-53689 HIGH

Apache Jackrabbit <2.23.2 - Blind XXE

CVE-2025-7523 HIGH

Jinher OA 1.0 - XML External Entity Reference

CVE-2025-6438 MEDIUM

SOAP API - XML External Entity Injection

CVE-2025-49544 MEDIUM

ColdFusion <= 2025.2, 2023.14, 2021.20 - Authenticated XML External Entity Injection

CVE-2025-49539 MEDIUM

ColdFusion <= 2025.2, 2023.14, 2021.20 - XML External Entity Injection

CVE-2025-49535 CRITICAL

ColdFusion 2025.2 2023.14 2021.20 - XML External Entity Injection

CVE-2025-49493 MEDIUM

Akamai CloudTest <60 - XXE Injection

CVE-2025-52888 HIGH

Allure 2 xunit-xml-plugin < 2.34.1 - XML External Entity Injection via Unsafe DocumentBuilderFactory Configuration

CVE-2025-47293 LOW

PowSyBl < 6.7.2 - XML External Entity Injection and Server-Side Request Forgery via XmlReader

CVE-2025-33121 HIGH

IBM QRadar SIEM 7.5 to 7.5.0-12 - XML External Entity Injection

CVE-2025-36049 HIGH

IBM webMethods Integration Server 10.5, 10.7, 10.11, 10.15 - Authenticated XML External Entity Injection

CVE-2025-44044 HIGH

Keyoti SearchUnit < 9.0.0 - XML External Entity Injection

CVE-2025-30220 CRITICAL

GeoServer WFS - XXE Processing Vulnerability

CVE-2025-31039 CRITICAL

pixelgrade Category Icon <1.0.2 - SSRF

CVE-2025-5877 MEDIUM

Feng Office 3.2.2.1 - XML External Entity Injection in Document Upload Handler

CVE-2025-48882 HIGH

PHPOffice Math < 0.3.0 - XML External Entity Injection via libxml DTDLOAD Flag

CVE-2025-4338 MEDIUM

Lantronix Device Installer < 4.4.0.7 - XML External Entity Injection in Configuration Files

CVE-2025-4949 MEDIUM

Eclipse JGit < 5.13.4 and 7.2.0.202503040940-r-7.2.1.202505142326-r - XXE in ManifestParser and AmazonS3

CVE-2025-27523 HIGH

Hitachi JP1/IT Desktop Management 2 - Smart Device Manager <12-00-0...

CVE-2025-4641 CRITICAL

bonigarcia webdrivermanager <6.0.2 - SSRF

CVE-2025-4639 HIGH

Peergos <1.1.0 - XML External Entity Reference

CVE-2025-47778 MEDIUM

Sulu 2.5.21-2.5.24, 2.6.5-2.6.8, 3.0.0-alpha1-3.0.0-alpha2 - XML External Entity Injection via SVG Upload

CVE-2025-30018 HIGH

SAP Supplier Relationship Management - Unauthenticated XML External Entity Injection via Live Auction Cockpit

Previous Page 5 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy