CWE-611 · Improper Restriction of XML External Entity Reference (XXE)
1262 CVEs classified under CWE-611 (Improper Restriction of XML External Entity Reference (XXE)).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-22486 | Critical | 10.0 | 2023-02-03 | IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker cou… |
| CVE-2019-14678 | Critical | 10.0 | 2019-11-14 | SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Readi… |
| CVE-2015-9280 | Critical | 10.0 | 2019-01-16 | MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. |
| CVE-2018-1000838 | Critical | 10.0 | 2018-12-20 | autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, deni… |
| CVE-2018-1000837 | Critical | 10.0 | 2018-12-20 | UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data… |
| CVE-2018-1000835 | Critical | 10.0 | 2018-12-20 | KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, d… |
| CVE-2018-1000831 | Critical | 10.0 | 2018-12-20 | K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denia… |
| CVE-2018-1000830 | Critical | 10.0 | 2018-12-20 | XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of… |
| CVE-2018-1000825 | Critical | 10.0 | 2018-12-20 | FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidenti… |
| CVE-2018-1000823 | Critical | 10.0 | 2018-12-20 | exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data… |
| CVE-2018-1000822 | Critical | 10.0 | 2018-12-20 | codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confiden… |
| CVE-2018-1000821 | Critical | 10.0 | 2018-12-20 | MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confide… |
| CVE-2018-1000820 | Critical | 10.0 | 2018-12-20 | neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosur… |
| CVE-2018-1000652 | Critical | 10.0 | 2018-08-20 | JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denia… |
| CVE-2018-1000651 | Critical | 10.0 | 2018-08-20 | Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, s… |
| CVE-2018-1000644 | Critical | 10.0 | 2018-08-20 | Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the discl… |
| CVE-2018-1000124 | Critical | 10.0 | 2018-03-13 | I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) tha… |
| CVE-2017-7664 | Critical | 10.0 | 2017-07-17 | Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. |
| CVE-2017-8110 | Critical | 10.0 | 2017-04-25 | www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php. |
| CVE-2025-30220 | Critical | 9.9 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema da… |