CWE-610
DiscouragedExternally Controlled Reference to a Resource in Another Sphere
Abstraction: Class · Status: Draft
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
277 vulnerabilities reference this CWE, most recent first.
GHSA-XGMV-256H-6689
Vulnerability from github – Published: 2025-09-08 12:30 – Updated: 2025-09-08 12:30A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit has been made public and could be used.
{
"affected": [],
"aliases": [
"CVE-2025-10092"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-08T12:15:31Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit has been made public and could be used.",
"id": "GHSA-xgmv-256h-6689",
"modified": "2025-09-08T12:30:33Z",
"published": "2025-09-08T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10092"
},
{
"type": "WEB",
"url": "https://github.com/Cstarplus/CVE/issues/3"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.323047"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.323047"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.644868"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XJMJ-77VH-QF7W
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10An arbitrary file deletion vulnerability exists within Maccms10.
{
"affected": [],
"aliases": [
"CVE-2020-21363"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-11T21:15:00Z",
"severity": "MODERATE"
},
"details": "An arbitrary file deletion vulnerability exists within Maccms10.",
"id": "GHSA-xjmj-77vh-qf7w",
"modified": "2022-05-24T19:10:39Z",
"published": "2022-05-24T19:10:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21363"
},
{
"type": "WEB",
"url": "https://github.com/magicblack/maccms10/issues/79"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XP27-622H-2G9P
Vulnerability from github – Published: 2022-08-13 00:00 – Updated: 2022-08-19 00:00In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-189574230
{
"affected": [],
"aliases": [
"CVE-2022-20319"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-12T15:15:00Z",
"severity": "HIGH"
},
"details": "In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-189574230",
"id": "GHSA-xp27-622h-2g9p",
"modified": "2022-08-19T00:00:22Z",
"published": "2022-08-13T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20319"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XP3R-9WX8-Q2MM
Vulnerability from github – Published: 2022-10-19 19:00 – Updated: 2022-12-16 19:55Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
These vulnerabilities are only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.4.8"
},
"package": {
"ecosystem": "Maven",
"name": "com.compuware.jenkins:compuware-topaz-for-total-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-43428"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-693"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-19T22:02:43Z",
"nvd_published_at": "2022-10-19T16:15:00Z",
"severity": "HIGH"
},
"details": "Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.\n\nThese vulnerabilities are only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the [LTS upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.303/#upgrading-to-jenkins-lts-2-303-3).",
"id": "GHSA-xp3r-9wx8-q2mm",
"modified": "2022-12-16T19:55:09Z",
"published": "2022-10-19T19:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43428"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/compuware-topaz-for-total-test-plugin/commit/5fca6eb21599f8f27323dfa17a6e44f8176ca551"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/compuware-topaz-for-total-test-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin"
}
GHSA-XRJQ-MMX8-72H6
Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-26684"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T17:15:51Z",
"severity": "MODERATE"
},
"details": "External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-xrjq-mmx8-72h6",
"modified": "2025-05-13T18:30:53Z",
"published": "2025-05-13T18:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26684"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26684"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XW2G-VG83-C99R
Vulnerability from github – Published: 2025-01-22 12:33 – Updated: 2026-01-14 15:32A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the Host header points to an arbitrary webserver
{
"affected": [],
"aliases": [
"CVE-2022-23439"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T10:15:07Z",
"severity": "MODERATE"
},
"details": "A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver",
"id": "GHSA-xw2g-vg83-c99r",
"modified": "2026-01-14T15:32:57Z",
"published": "2025-01-22T12:33:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23439"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-21-254"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-23-494"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XXQC-MRQ8-7966
Vulnerability from github – Published: 2026-04-08 21:33 – Updated: 2026-05-07 18:30An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.
{
"affected": [],
"aliases": [
"CVE-2026-30816"
],
"database_specific": {
"cwe_ids": [
"CWE-15",
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-08T19:25:20Z",
"severity": "MODERATE"
},
"details": "An external control of configuration vulnerability in the OpenVPN module\u00a0of TP-Link AX53 v1.0\u00a0allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed.\u00a0\nSuccessful\nexploitation may allow unauthorized access to arbitrary files on the device,\npotentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.",
"id": "GHSA-xxqc-mrq8-7966",
"modified": "2026-05-07T18:30:32Z",
"published": "2026-04-08T21:33:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30816"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2304"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/us/support/faq/5055"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.