CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,252 vulnerabilities with CWE-611
CVE-2020-25817 MEDIUM
SilverStripe < 4.6.0 - XML External Entity Injection in CSSContentParser
CVSS 4.8
CVE-2020-4300 HIGH
IBM Cognos Analytics 11.0 and 11.1 - XML External Entity Injection
CVSS 8.2
CVE-2020-36124 MEDIUM
Pax Technology PAXSTORE < 7.0.8_20200511171508 - Authenticated XML External Entity Injection
CVSS 6.5
CVE-2020-5013 HIGH
IBM QRadar SIEM 7.3-7.4 - XML External Entity Injection
CVSS 8.1
CVE-2020-7037 HIGH
Avaya Equinox Conferencing 9.0.0-9.1.10 - Authenticated XML External Entity Injection in Media Server
CVSS 8.1
CVE-2020-7036 HIGH
Avaya Callback Assist 4.0.0-4.7.1.1 - Authenticated XML External Entity Injection
CVSS 8.1
CVE-2020-7035 HIGH
Avaya Aura Orchestration Designer 7.0-7.2.2 - Authenticated XML External Entity Injection
CVSS 8.1
CVE-2020-6590 HIGH
Forcepoint Web Security Content Gateway < 8.5.4 - XML External Entity Injection
CVSS 7.5
CVE-2020-28387 MEDIUM
Solid Edge SE2020 < SE2020MP13 and SE2021 < SE2021MP3 - XML External Entity Injection via SEECTCXML File
CVSS 5.5
CVE-2020-4949 HIGH
IBM WebSphere Application Server 7.0.0.0-7.0.0.44 - XML External Entity Injection
CVSS 8.2
CVE-2020-27858 HIGH
CA Arcserve D2D 16.5 - Unauthenticated XML External Entity Injection via getNews Method
CVSS 7.5
CVE-2020-26981 MEDIUM
Siemens JT2Go and Teamcenter Visualization < 13.1.0 - XML External Entity Injection via Crafted XML File
CVSS 6.5
CVE-2020-27148 HIGH
TIBCO EBX Add-ons < 4.4.2 - XML External Entity Injection
CVSS 7.1
CVE-2020-4606 MEDIUM
IBM Security Verify Privilege Manager < 10.8.2 - XML External Entity Injection
CVSS 4.4
CVE-2020-28736 HIGH
Plone < 5.2.3 - Authenticated XML External Entity Injection via Schema Editor
CVSS 8.8
CVE-2020-28734 HIGH
Plone < 5.2.3 - Authenticated XML External Entity Injection
CVSS 8.8
CVE-2020-26247 LOW
Nokogiri < 1.11.0 - XML External Entity Injection via Schema Parsing
CVSS 2.6
CVE-2020-35604 CRITICAL
Kronos WebTA 5.0.4 - XML External Entity Injection via SAML Processing
CVSS 9.8
CVE-2020-35123 MEDIUM
Zimbra Collaboration Suite < 9.0.0 P10-8.8.15 P17 - XXE
CVSS 6.5
CVE-2020-29436 MEDIUM
Sonatype Nexus Repository Manager < 3.29.0 - Info Disclosure
CVSS 6.5
CVE-2020-26513 MEDIUM
Intland codeBeamer ALM < 10.1.SP4 - SSRF
CVSS 5.5
CVE-2020-25649 HIGH
jackson-databind 2.6.0-2.6.7.3 - XML External Entity Injection
CVSS 7.5
CVE-2020-2324 HIGH
Jenkins CVS Plugin < 2.16 - XML External Entity Injection
CVSS 7.5
CVE-2020-26229 LOW
TYPO3 10.4.0-10.4.9 - Authenticated XML External Entity Injection in RSS Widgets
CVSS 3.7
CVE-2020-7572 HIGH
EcoStruxure Building Operation WebReports 1.9-3.1 - Authenticated XML External Entity Injection
CVSS 8.8