Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,252 vulnerabilities with CWE-611

CVE-2020-7032 MEDIUM

Avaya WebLM 7.0-7.1.3.6 and 8.0-8.1.2 - Authenticated XML External Entity Injection via XML Request

CVE-2020-24454 HIGH

Intel(R) Quartus(R) Prime <20.3-20.2 - Info Disclosure

CVE-2020-27017 MEDIUM

Trend Micro InterScan Messaging Security Virtual Appliance < 9.1 - Authenticated XML External Entity Injection

CVE-2020-15352 HIGH

Pulse Connect Secure < 9.1R9 and Pulse Policy Secure < 9.1R9 - Authenticated XML External Entity Injection

CVE-2020-25186 HIGH

LeviStudioU < 2019-09-21 - XML External Entity Injection via Parameter Entity Processing

CVE-2020-4772 HIGH

IBM Curam Social Program Management 7.0.9 and 7.0.10 - XML External Entity Injection

CVE-2020-15232 CRITICAL

mapfish/print < 3.24 - XML External Entity Injection via SDL Style

CVE-2020-13940 MEDIUM

Apache NiFi 1.0.0-1.11.4 - XML External Entity Injection via Malicious XML Configuration

CVE-2020-8256 MEDIUM

Pulse Connect Secure <9.1R8.2 - XXE

CVE-2020-21524 CRITICAL

Halo 1.1.3 - XML External Entity Injection via WordPress Migration Import

CVE-2020-2284 HIGH

Jenkins Liquibase Runner Plugin <1.4.5 - XXE

CVE-2020-4643 HIGH

IBM WebSphere Application Server 7.0.0.0-7.0.0.45 - XML External Entity Injection

CVE-2020-14029 HIGH

Ozeki NG SMS Gateway < 4.17.6 - XML External Entity Injection in RSS To SMS Module

CVE-2020-15772 MEDIUM

Gradle Enterprise 2018.5-2020.2.4 - XML External Entity Injection via SAML Metadata Upload

CVE-2020-25750 HIGH

DotPlant2 < 2020-09-14 - XML External Entity Injection via Pay2PayPayment checkResult Function

CVE-2020-25215 CRITICAL

yEd < 3.20.1 - XML External Entity Injection via XML or GraphML Document

CVE-2020-11991 HIGH

Apache Cocoon 2.1.12 - XML Injection

CVE-2020-25257 CRITICAL

Hyland OnBase < 16.0.2.83, <= 17.0.2.109, <= 18.0.0.37, <= 19.8.16.1000, <= 20.3.10.1000 - XML External Entity Injection

CVE-2020-17408 HIGH

NEC ExpressCluster 4.1 - Info Disclosure

CVE-2020-24379 CRITICAL

Yaws 1.81-2.0.7 - XML External Entity Injection via WebDAV Implementation

CVE-2020-2247 MEDIUM

Jenkins Klocwork Analysis Plugin <2020.2.1 - XXE

CVE-2020-2245 HIGH

Jenkins Valgrind Plugin <0.28 - XXE

CVE-2020-25020 CRITICAL

mpxj < 8.1.3 - XML External Entity Injection in GanttProjectReader and PhoenixReader

CVE-2020-17376 HIGH

OpenStack Nova <19.3.1,20.x<20.3.1,21.0.0 - Privilege Escalation

CVE-2020-24656 MEDIUM

Maltego < 4.2.12 - XML External Entity Injection

Previous Page 28 of 51 Next

Details

Vulnerabilities 1,252

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy