Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2025-2777 CRITICAL

SysAid On-Prem <= 23.3.40 - XML External Entity

CVE-2025-2776 CRITICAL KEV

SysAid On-Prem <= 23.3.40 - XML External Entity

CVE-2025-2775 CRITICAL KEV

SysAid On-Prem <= 23.3.40 - XML External Entity

CVE-2025-22478 HIGH

Dell Storage Manager 20.1.20 - Unauthenticated XML External Entity Injection

CVE-2025-46726 CRITICAL

langroid < 0.53.4 - XML External Entity Injection via XMLToolMessage

CVE-2025-2905 CRITICAL

WSO2 API Manager < 2.0.0 and am-distribution-parent < 2.1.0 - XML External Entity Injection

CVE-2025-34490 MEDIUM

GFI MailEssentials < 21.8 - Authenticated XML External Entity Injection

CVE-2025-2070 MEDIUM

FileZ Client < 11.0.0.10 - XML External Entity Injection via Crafted URL

CVE-2025-24911 MEDIUM

Hitachi Vantara Pentaho Business Analytics Server <9.3.* & 10.0-10.2.0.2 - XXE in Data Access XMLParserFactoryProducer

CVE-2025-24910 MEDIUM

Hitachi Vantara Pentaho Business Analytics Server <9.3.* & 10.0-10.2.0.2 - XXE Injection

CVE-2025-31497 HIGH

TEIGarage < 1.2.4 - XML External Entity Injection in Document Conversion Service

CVE-2025-32406 HIGH

NAKIVO Backup & Replication <11.0.2 - XSS

CVE-2025-32138 MEDIUM

Supsystic Easy Google Maps <1.11.17 - XML Injection

CVE-2025-3241 MEDIUM

zhangyanbo2007 youkefu <4.2.0 - SSRF

CVE-2025-31487 HIGH

XWiki JIRA Extension 4.2-8.5.6 - Authenticated XML External Entity Injection via JIRA Macro

CVE-2025-1781 MEDIUM

W3CSS Validator <cssval-20250226 - SSRF

CVE-2025-29932 MEDIUM

JetBrains GoLand < 2025.1 - XML External Entity Injection during Debugging

CVE-2025-25036 MEDIUM

Jalios JPlatform <10.0.8 - XML Injection

CVE-2025-2365 MEDIUM

crmeb_java <= 1.3.4 - XML External Entity Injection in WeChatMessageController

CVE-2025-27136 MEDIUM

LocalS3 < 1.21 - XML External Entity Injection via Bucket Creation Endpoint

CVE-2025-0162 HIGH

IBM Aspera Shares <1.10.0 PL7 - XXE

CVE-2025-24521 MEDIUM

XML Entity Injection - Info Disclosure

CVE-2025-1225 MEDIUM

ywoa <2024.07.03 - XML External Entity Reference

CVE-2025-23195 HIGH

Apache Ambari < 2.7.9 - XML External Entity Injection via DocumentBuilderFactory

CVE-2024-13971 HIGH

Arbitrary File Read and Server Side Request Forgery via XML External Entities in Lobster_pro

Previous Page 6 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy