Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,252 vulnerabilities with CWE-611

CVE-2021-29140 HIGH

Aruba ClearPass 6.7.0-6.7.13 - XML External Entity Injection

CVE-2021-25163 HIGH

Aruba AirWave < 8.2.12.1 - XML External Entity Injection

CVE-2021-25165 HIGH

Aruba AirWave < 8.2.12.1 - XML External Entity Injection

CVE-2021-25164 MEDIUM

Aruba AirWave < 8.2.12.1 - XML External Entity Injection

CVE-2021-27736 MEDIUM

FusionAuth fusionauth-samlv2 <0.5.4 - XML External Entity

CVE-2021-21642 HIGH

Jenkins Config File Provider Plugin < 3.7.0 - XML External Entity Injection

CVE-2021-20454 HIGH

IBM WebSphere Application Server <9.0 - XXE

CVE-2021-20453 HIGH

IBM WebSphere Application Server <9.0 - XXE

CVE-2021-29447 HIGH

WordPress 5.6.0-5.7.0 - Authenticated XML External Entity Injection via Media Library File Upload

CVE-2021-27604 MEDIUM

SAP NetWeaver ABAP Server/ABAP Platform <7.50 - XSS

CVE-2021-28973 MEDIUM

Perforce Helix ALM 2020.3.1 Build 22 - XML External Entity Injection via XML Import

CVE-2021-22158 HIGH

Proofpoint Insider Threat Management < 7.9.3 - Authenticated XML External Entity Injection

CVE-2021-29421 HIGH

pikepdf 1.3.0-2.9.2 - XML External Entity Injection in XMP Metadata Parser

CVE-2021-20502 HIGH

IBM Jazz Foundation Products - XML External Entity Injection

CVE-2021-20482 HIGH

IBM Cloud Pak for Automation <20.0.2,20.0.3 - XXE

CVE-2021-1628 CRITICAL

Mule 4.0.0-4.2.1 - XML External Entity Injection

CVE-2021-28110 HIGH

TranzWare e-Commerce Payment Gateway <3.1.27.5 - XML Injection

CVE-2021-26969 MEDIUM

Aruba AirWave < 8.2.12.0 - Authenticated XML External Entity Injection

CVE-2021-27931 CRITICAL

LumisXP <10.0.0 - Blind XML External Entity Attack

CVE-2021-26703 CRITICAL

EPrints 3.4.2 - XML External Entity File Read via JSON/XML Input

CVE-2021-21517 HIGH

Dell EMC SRS Policy Manager 6.X - Unauthenticated XML External Entity Injection via DTD Processing

CVE-2021-27184 HIGH

Pelco Digital Sentry Server 7.18.72.11464 - XML External Entity Injection via ControlPointCacheShare.xml

CVE-2021-20353 HIGH

IBM WebSphere Application Server <9.0 - XXE

CVE-2021-21266 MEDIUM

openHAB < 2.5.12 - XML External Entity Injection via SSDP Response Parsing

CVE-2021-23901 CRITICAL

Apache Nutch < 1.18 - XML External Entity Injection in DmozParser

Previous Page 25 of 51 Next

Details

Vulnerabilities 1,252

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy