CWE-611
Improper Restriction of XML External Entity Reference
Description
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-221
CVEs mapped to this weakness (684)
page 20 of 35| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-47778 | Med | 0.33 | — | 0.00 | May 14, 2025 | Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References.… | ||
| CVE-2025-2070 | Med | 0.33 | 5.0 | 0.00 | Apr 25, 2025 | An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url is visited by a local user. | ||
| CVE-2024-54005 | Med | 0.33 | 5.1 | 0.00 | Dec 10, 2024 | A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All… | ||
| CVE-2017-10617 | Med | 0.33 | 5.0 | 0.02 | Oct 13, 2017 | The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2… | ||
| CVE-2026-20029 | Med | 0.32 | 4.9 | 0.06 | Jan 7, 2026 | A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This… | ||
| CVE-2025-24911 | Med | 0.32 | 4.9 | 0.00 | Apr 16, 2025 | Overview XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is… | ||
| CVE-2025-24910 | Med | 0.32 | 4.9 | 0.00 | Apr 16, 2025 | Overview XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is… | ||
| CVE-2025-24521 | — | Med | 0.32 | 4.9 | 0.00 | Mar 5, 2025 | External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: … | |
| CVE-2018-11719 | Med | 0.32 | 4.9 | 0.01 | Aug 30, 2018 | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. | ||
| CVE-2016-9491 | Med | 0.32 | 4.9 | 0.03 | Jul 13, 2018 | ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored… | ||
| CVE-2024-6961 | Med | 0.31 | 5.9 | 0.00 | Jul 21, 2024 | RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity. | ||
| CVE-2018-6225 | Med | 0.31 | 4.3 | 0.04 | Mar 15, 2018 | An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script. | ||
| CVE-2024-9044 | Med | 0.30 | — | 0.00 | Nov 29, 2024 | A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS. | ||
| CVE-2025-27136 | — | Med | 0.29 | — | 0.01 | Mar 10, 2025 | LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity (XXE) injection. When processing the CreateBucketConfiguration XML document during bucket creation,… | |
| CVE-2018-8026 | Med | 0.29 | 5.5 | 0.09 | Jul 5, 2018 | This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in… | ||
| CVE-2018-8010 | Med | 0.29 | 5.5 | 0.04 | May 21, 2018 | This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar… | ||
| CVE-2018-0100 | Med | 0.29 | 4.4 | 0.00 | Jan 18, 2018 | A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External… | ||
| CVE-2017-15280 | Med | 0.29 | 5.5 | 0.01 | Oct 12, 2017 | XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype… | ||
| CVE-2026-33371 | Med | 0.28 | 4.3 | 0.00 | Mar 20, 2026 | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is… | ||
| CVE-2024-25066 | Med | 0.28 | 4.3 | 0.00 | Feb 17, 2025 | RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cannot occur. |
- risk 0.33cvss —epss 0.00
Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References.…
- risk 0.33cvss 5.0epss 0.00
An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url is visited by a local user.
- risk 0.33cvss 5.1epss 0.00
A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All…
- risk 0.33cvss 5.0epss 0.02
The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2…
- risk 0.32cvss 4.9epss 0.06
A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This…
- risk 0.32cvss 4.9epss 0.00
Overview XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is…
- risk 0.32cvss 4.9epss 0.00
Overview XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is…
- risk 0.32cvss 4.9epss 0.00
External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: …
- risk 0.32cvss 4.9epss 0.01
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE.
- risk 0.32cvss 4.9epss 0.03
ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored…
- risk 0.31cvss 5.9epss 0.00
RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.
- risk 0.31cvss 4.3epss 0.04
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.
- risk 0.30cvss —epss 0.00
A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS.
- risk 0.29cvss —epss 0.01
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity (XXE) injection. When processing the CreateBucketConfiguration XML document during bucket creation,…
- risk 0.29cvss 5.5epss 0.09
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in…
- risk 0.29cvss 5.5epss 0.04
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar…
- risk 0.29cvss 4.4epss 0.00
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External…
- risk 0.29cvss 5.5epss 0.01
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype…
- risk 0.28cvss 4.3epss 0.00
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is…
- risk 0.28cvss 4.3epss 0.00
RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cannot occur.