Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2024-54005 MEDIUM

Siemens COMOS PDMS/E3D Engineering Interface - XML External Entity File Disclosure

CVE-2024-49704 MEDIUM

Siemens COMOS Data Mapper and Engineering Adapters - XML External Entity File Disclosure

CVE-2024-47582 MEDIUM

SAP NetWeaver AS JAVA >=LM-CORE 7.50 <LM-CORE 7.50 - Unauthenticated XML External Entity Injection

CVE-2024-46455 CRITICAL

unstructured < 0.14.3 - XML External Entity Injection via XMLParser

CVE-2024-52806 HIGH

SimpleSAMLphp saml2 < 4.6.14 and 5.0.0-alpha.1-5.0.0-alpha.18 - XML External Entity Injection

CVE-2024-52596 HIGH

simplesamlphp/xml-common < 1.20.0 - XML External Entity Injection

CVE-2024-52800 LOW

veraPDF-library - XML External Entity Injection via Custom Schematron Policy Check

CVE-2024-9044 MEDIUM

Easy Tax Client Software <2023.1.2 - XSS

CVE-2024-53675 HIGH

HPE Insight Remote Support < 7.14.0.629 - XML External Entity Injection

CVE-2024-53674 HIGH

HPE Insight Remote Support < 7.14.0.629 - XML External Entity Injection

CVE-2024-11622 HIGH

HPE Insight Remote Support - Info Disclosure

CVE-2024-50848 MEDIUM

WorldServer 11.8.2 - XML External Entity Injection via Crafted TMX File

CVE-2024-48917 HIGH

PhpSpreadsheet < 1.29.4 - XML External Entity Injection via UTF-7 Encoding Bypass

CVE-2024-47873 HIGH

PhpSpreadsheet <1.9.4, <2.1.3, <2.3.2, <3.4.0 - XSS

CVE-2024-39726 HIGH

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 - XML External Entity Injection

CVE-2024-5919 MEDIUM

PAN-OS 10.1.0-10.1.9 - Authenticated XML External Entity Injection

CVE-2024-10218 CRITICAL

TIBCO Hawk/TIBCO Operational Intelligence - XSS

CVE-2024-52007 HIGH

HAPI FHIR - XML External Entity Injection

CVE-2024-10839 HIGH

ManageEngine SharePoint Manager Plus <= 4503 - Authenticated XML External Entity Injection in Management Option

CVE-2024-20531 MEDIUM

Cisco Identity Services Engine - Authenticated XML External Entity Injection and Server-Side Request Forgery via API

CVE-2024-51132 CRITICAL

HAPI FHIR < 6.4.0 - XML External Entity Injection via Crafted XML Request

CVE-2024-45086 MEDIUM

IBM WebSphere App Server <9.0 - XXE

CVE-2024-51136 CRITICAL

OpenIMAJ Dmoz2CSV - XML External Entity Injection

CVE-2024-50442 MEDIUM

Royal Elementor Addons <= 1.3.980 - XML External Entity Injection

CVE-2024-4690 HIGH

OpenText Application Automation Tools < 24.1.0 - XML External Entity Injection

Previous Page 8 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy