CWE-611
Improper Restriction of XML External Entity Reference
Abstraction: Base, Status: Draft
Description
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-221
CVEs mapped to this weakness (268)
page 7 of 14

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45490 | High | 0.49 | 7.5 | 0.01 | | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. |
| CVE-2017-11286 | High | 0.49 | 7.5 | 0.01 | | Dec 1, 2017 | Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. |
| CVE-2017-14868 | High | 0.49 | 7.5 | 0.00 | | Nov 30, 2017 | Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension. |
| CVE-2017-11272 | High | 0.49 | 7.5 | 0.01 | | Aug 11, 2017 | Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability. |
| CVE-2017-11390 | High | 0.49 | 7.5 | 0.01 | | Aug 2, 2017 | XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706. |
| CVE-2017-9233 | High | 0.49 | 7.5 | 0.00 | | Jul 25, 2017 | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. |
| CVE-2017-9231 | High | 0.49 | 7.5 | 0.00 | | Jun 16, 2017 | XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. |
| CVE-2017-3548 | Medium | 0.49 | 6.5 | 0.49 | | Apr 24, 2017 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). |
| CVE-2016-10097 | High | 0.49 | 7.5 | 0.01 | | Jan 2, 2017 | XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter. |
| CVE-2016-6408 | High | 0.49 | 7.5 | 0.00 | | Sep 24, 2016 | Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814. |
| CVE-2023-42344 | High | 0.48 | 7.3 | 0.05 | | May 8, 2026 | Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet. |
| CVE-2010-2245 | High | 0.48 | 7.4 | 0.00 | | Aug 8, 2017 | XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document. |
| CVE-2017-5661 | High | 0.48 | 7.3 | 0.02 | | Apr 18, 2017 | In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. |
| CVE-2025-11341 | High | 0.47 | 7.3 | 0.00 | | Oct 6, 2025 | A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. |
| CVE-2025-11140 | High | 0.47 | 7.3 | 0.00 | | Sep 29, 2025 | A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-10816 | High | 0.47 | 7.3 | 0.00 | | Sep 22, 2025 | A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity reference. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. |
| CVE-2025-10092 | High | 0.47 | 7.3 | 0.00 | | Sep 8, 2025 | A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit has been made public and could be used. |
| CVE-2025-10091 | High | 0.47 | 7.3 | 0.00 | | Sep 8, 2025 | A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. |
| CVE-2025-7824 | High | 0.47 | 7.3 | 0.00 | | Jul 19, 2025 | A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-7823 | High | 0.47 | 7.3 | 0.00 | | Jul 19, 2025 | A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |