CWE-611 · Improper Restriction of XML External Entity Reference (XXE)

1262 CVEs classified under CWE-611 (Improper Restriction of XML External Entity Reference (XXE)). Browse by severity and year.

Top CVEs for CWE-611
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-22486 | Critical | 10.0 | 2023-02-03 | IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker cou… |
| CVE-2019-14678 | Critical | 10.0 | 2019-11-14 | SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Readi… |
| CVE-2015-9280 | Critical | 10.0 | 2019-01-16 | MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. |
| CVE-2018-1000838 | Critical | 10.0 | 2018-12-20 | autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, deni… |
| CVE-2018-1000837 | Critical | 10.0 | 2018-12-20 | UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data… |
| CVE-2018-1000835 | Critical | 10.0 | 2018-12-20 | KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, d… |
| CVE-2018-1000831 | Critical | 10.0 | 2018-12-20 | K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denia… |
| CVE-2018-1000830 | Critical | 10.0 | 2018-12-20 | XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of… |
| CVE-2018-1000825 | Critical | 10.0 | 2018-12-20 | FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidenti… |
| CVE-2018-1000823 | Critical | 10.0 | 2018-12-20 | exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data… |
| CVE-2018-1000822 | Critical | 10.0 | 2018-12-20 | codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confiden… |
| CVE-2018-1000821 | Critical | 10.0 | 2018-12-20 | MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confide… |
| CVE-2018-1000820 | Critical | 10.0 | 2018-12-20 | neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosur… |
| CVE-2018-1000652 | Critical | 10.0 | 2018-08-20 | JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denia… |
| CVE-2018-1000651 | Critical | 10.0 | 2018-08-20 | Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, s… |
| CVE-2018-1000644 | Critical | 10.0 | 2018-08-20 | Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the discl… |
| CVE-2018-1000124 | Critical | 10.0 | 2018-03-13 | I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) tha… |
| CVE-2017-7664 | Critical | 10.0 | 2017-07-17 | Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. |
| CVE-2017-8110 | Critical | 10.0 | 2017-04-25 | www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php. |
| CVE-2025-30220 | Critical | 9.9 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema da… |