VYPR

CWE-611

Improper Restriction of XML External Entity Reference

Base (Draft)

Description

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-221

CVEs mapped to this weakness (684)

page 20 of 35
  • CVE-2025-47778 (Med) May 14, 2025
    risk 0.33 | cvss n/a | epss 0.00

    Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References.…

  • CVE-2025-2070 (Med) Apr 25, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted URL is visited by a local user.

  • CVE-2024-54005 (Med) Dec 10, 2024
    risk 0.33 | cvss 5.1 | epss 0.00

    A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All…

  • CVE-2017-10617 (Med) Oct 13, 2017
    risk 0.33 | cvss 5.0 | epss 0.02

    The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2…

  • CVE-2026-20029 (Med) Jan 7, 2026
    risk 0.32 | cvss 4.9 | epss 0.06

    A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This…

  • CVE-2025-24911 (Med) Apr 16, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    Overview: XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is…

  • CVE-2025-24910 (Med) Apr 16, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    Overview: XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is…

  • CVE-2025-24521 (Med) Mar 5, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: …

  • CVE-2018-11719 (Med) Aug 30, 2018
    risk 0.32 | cvss 4.9 | epss 0.01

    Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE.

  • CVE-2016-9491 (Med) Jul 13, 2018
    risk 0.32 | cvss 4.9 | epss 0.03

    ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored…

  • CVE-2024-6961 (Med) Jul 21, 2024
    risk 0.31 | cvss 5.9 | epss 0.00

    RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.

  • CVE-2018-6225 (Med) Mar 15, 2018
    risk 0.31 | cvss 4.3 | epss 0.04

    An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.

  • CVE-2024-9044 (Med) Nov 29, 2024
    risk 0.30 | cvss n/a | epss 0.00

    An XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS.

  • CVE-2025-27136 (Med) Mar 10, 2025
    risk 0.29 | cvss n/a | epss 0.01

    LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity (XXE) injection. When processing the CreateBucketConfiguration XML document during bucket creation,…

  • CVE-2018-8026 (Med) Jul 5, 2018
    risk 0.29 | cvss 5.5 | epss 0.09

    This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, XInclude functionality provided in…

  • CVE-2018-8010 (Med) May 21, 2018
    risk 0.29 | cvss 5.5 | epss 0.04

    This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, XInclude functionality provided in these config files is also affected in a similar…

  • CVE-2018-0100 (Med) Jan 18, 2018
    risk 0.29 | cvss 4.4 | epss 0.00

    A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External…

  • CVE-2017-15280 (Med) Oct 12, 2017
    risk 0.29 | cvss 5.5 | epss 0.01

    XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype…

  • CVE-2026-33371 (Med) Mar 20, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is…

  • CVE-2024-25066 (Med) Feb 17, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cannot occur.