Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2024-4189 HIGH

OpenText Application Automation Tools < 24.1.0 - XML External Entity Injection

CVE-2024-4184 HIGH

OpenText Application Automation Tools < 24.1.0 - XML External Entity Injection

CVE-2024-45072 MEDIUM

IBM WebSphere App Server 8.5-9.0 - XXE

CVE-2024-21255 HIGH

Oracle PeopleSoft Enterprise PeopleTools 8.59-8.61 - XML External Entity Injection in XMLPublisher

CVE-2024-8602 MEDIUM

taxstatement.jar 2.2.2 and 2.2.4 - XML External Entity Injection

CVE-2024-28168 HIGH

Apache XML Graphics FOP 2.9 - XML External Entity Injection

CVE-2024-39586 LOW

Dell EMC AppSync 4.3-4.6 - XML External Entity Injection

CVE-2024-45293 HIGH

PHPSpreadsheet <1.29.1, >=2.2.0 <2.3.0 - XML External Entity Injection via Whitespace Bypass

CVE-2024-45745 MEDIUM

TopBraid EDG < 8.0.1 - Authenticated XML External Entity Injection via DTD File Upload

CVE-2024-46985 HIGH

DataEase < 2.10.1 - XML External Entity Injection via Static Resource Upload

CVE-2024-46984 HIGH

gematik reference_validator < 2.5.1 - XML External Entity Injection via Woodstox WstxInputFactory

CVE-2024-7098 CRITICAL

SFS ww.Winsure < 4.6.2 - XML External Entity Injection

CVE-2024-37397 HIGH

Ivanti Endpoint Manager < 2022 SU6 - Unauthenticated XML External Entity Injection

CVE-2024-45294 HIGH

HL7 FHIR Core <6.3.23 - XML External Entity Injection

CVE-2024-45490 HIGH

libexpat < 2.6.3 - Integer Overflow via Negative Length in XML_ParseBuffer

CVE-2024-45048 HIGH

PHPSpreadsheet < 1.29.1 - XML External Entity Injection via Filter Bypass

CVE-2024-22218 HIGH

Terminalfour 8.0.0001-8.3.18 & XML JDBC 1.0.4 - RCE

CVE-2024-38653 HIGH

Ivanti Avalanche 6.3.1 - Info Disclosure

CVE-2024-6893 HIGH

Journyx soap_cgi.pyc - XML External Entity Reference

CVE-2024-3930 MEDIUM

Akana API Platform < 2024.1.0 - XML External Entity Injection

CVE-2024-40075 MEDIUM

Laravel 11.x - XML External Entity Injection

CVE-2024-6961 MEDIUM

guardrails-ai < 0.5.0 - XML External Entity Injection in RAIL Document Parser

CVE-2024-5625 MEDIUM

PruvaSoft Informatics Apinizer Mgmt Console <2024.05.1 - SSRF

CVE-2024-38374 HIGH

cyclonedx-core-java 2.1.0-9.0.3 - XML External Entity Injection via XPath Expression Evaluation

CVE-2024-34102 CRITICAL KEV

Adobe Commerce and Magento - XML External Entity Injection to Code Execution

Previous Page 9 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy