Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2024-39847 HIGH

Arbitrary File Read and Server Side Request Forgery via XML External Entities in 4D Server SOAP

CVE-2024-8010 LOW

XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files

CVE-2024-2374 HIGH

XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service

CVE-2024-58335 MEDIUM

OpenXRechnungToolbox <6c50e89 - XML External Entity

CVE-2024-34711 CRITICAL

GeoServer < 2.25.0 - XML External Entity Injection via URI Validation Bypass

CVE-2024-51445 MEDIUM

Polarion ALM V2310 and V2404 < V2404.4 - Authenticated XML External Entity Injection in Docx Import Feature

CVE-2024-49781 HIGH

IBM OpenPages with Watson 8.3 and 9.0 - XML External Entity Injection

CVE-2024-25066 MEDIUM

RSA Authentication Manager <8.7 SP2 - XSS

CVE-2024-54171 HIGH

IBM EntireX 11.1 - Authenticated XML External Entity Injection

CVE-2024-49352 HIGH

IBM Cognos Analytics 11.2.0-11.2.4, 12.0.0-12.0.4 - XML External Entity Injection

CVE-2024-52807 HIGH

HL7 FHIR IG Publisher < 1.7.4 - XML External Entity Injection via XSLT Transforms

CVE-2024-42185 LOW

BigFix Patch Download Plug-ins - Code Injection

CVE-2024-12476 HIGH

Web Designer <unknown - Info Disclosure/Remote Code Execution

CVE-2024-12298 MEDIUM

NB-series NX-Designer - Info Disclosure

CVE-2024-46603 HIGH

Elspec Engineering G5 Digital Fault Recorder Firmware < 1.2.2.19 - Denial of Service via XML External Entity Injection

CVE-2024-46602 HIGH

Elspec G5 Digital Fault Recorder < 1.2.2.19 - XML External Entity Injection via Crafted XML Payload

CVE-2024-56324 HIGH

GoCD < 24.5.0 - Authenticated XML External Entity Injection via Group Admin Raw XML Configuration

CVE-2024-56322 HIGH

GoCD 16.7.0-24.4.0 - Authenticated XML External Entity Injection via Configuration Repository

CVE-2024-40896 CRITICAL

libxml2 2.11.0-2.11.8, 2.12.0-2.12.8, 2.13.0-2.13.2 - XML External Entity Injection via SAX Parser

CVE-2024-56356 MEDIUM

JetBrains TeamCity < 2024.12 - XML External Entity Injection via Insecure XML Parser Configuration

CVE-2024-55081 CRITICAL

Chat2DB 0.3.5 - XML External Entity Injection via /datagrip/upload

CVE-2024-55887 HIGH

Ucum-java < 1.0.9 - XML External Entity Injection in UcumEssenceService

CVE-2024-55875 CRITICAL

http4k-format-xml 5.0.0.0-5.41.0.0 - XML External Entity Injection

CVE-2024-49064 MEDIUM

Microsoft SharePoint Server - XML External Entity Injection

CVE-2024-49535 MEDIUM

Adobe Acrobat and Reader < 20.005.30748 and < 24.005.20320 - XML External Entity Injection

Previous Page 7 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy