Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,253 vulnerabilities with CWE-611

CVE-2020-3256 MEDIUM

Cisco Hosted Collaboration Mediation Fulfillment < 12.5(1)su2 - Authenticated XML External Entity Injection

CVE-2020-12642 HIGH

ReportPortal service-api 3.1.0-4.3.11 and 5.0.0-5.1.0 - XML External Entity Injection via JUnit XML Launch Import

CVE-2020-10683 CRITICAL

dom4j < 2.0.3 - XML External Entity Injection

CVE-2020-11885 HIGH

WSO2 Enterprise Integrator <= 6.6.0 - XML External Entity Injection via XML Validator

CVE-2020-2178 HIGH

Jenkins Parasoft Findings Plugin < 10.4.3 - XML External Entity Injection

CVE-2020-6238 CRITICAL

SAP Commerce Cloud 6.6, 6.7, 1808, 1811, 1905 - XML External Entity Injection in Rest API Servlet xyformsweb

CVE-2020-10629 HIGH

WebAccess/NMS <3.0.2 - Info Disclosure

CVE-2020-11586 CRITICAL

CIPPlanner CIPAce < 9.1 - Unauthenticated XML External Entity Injection

CVE-2020-10993 CRITICAL

Osmand < 2.0.0 - XML External Entity Injection via BinaryMapIndexReader

CVE-2020-10992 CRITICAL

Azkaban < 3.84.0 - XML External Entity Injection in XmlValidatorManager and XmlUserManager

CVE-2020-10991 CRITICAL

Mulesoft APIkit < 1.3.0 - XML External Entity Injection via RestXmlSchemaValidator

CVE-2020-10990 CRITICAL

Accenture Mercury < 1.12.28 - XML External Entity Injection in SimpleXmlParser

CVE-2020-2171 HIGH

Jenkins RapidDeploy Plugin < 4.2 - XML External Entity Injection

CVE-2020-10799 CRITICAL

svglib < 0.9.3 - XML External Entity Injection via svg2rlg

CVE-2020-8540 CRITICAL

Zoho ManageEngine Desktop Central <07-Mar-2020 - SSRF

CVE-2020-9044 HIGH

Johnson Controls Metasys Family - XML External Entity Injection

CVE-2020-2144 HIGH

Jenkins Rundeck Plugin < 3.6.6 - XML External Entity Injection

CVE-2020-2138 HIGH

Jenkins Cobertura Plugin < 1.15 - XML External Entity Injection

CVE-2020-9352 CRITICAL

SmartClient 12.0 - Unauthenticated XML External Entity Injection via Developer Console Operations

CVE-2020-1693 HIGH

Spacewalk < 2.9 - Unauthenticated XML External Entity Injection via /rpc/api Endpoint

CVE-2020-1975 MEDIUM

PAN-OS 8.1.0-8.1.11 - Authenticated XML External Entity Injection in Web Interface

CVE-2020-6187 MEDIUM

SAP NetWeaver Guided Procedures 7.10-7.50 - XML External Entity Injection

CVE-2020-2120 HIGH

Jenkins FitNesse Plugin < 1.30 - XML External Entity Injection

CVE-2020-2115 HIGH

Jenkins NUnit < 0.25 - XML External Entity Injection

CVE-2020-2108 HIGH

Jenkins WebSphere Deployer Plugin < 1.6.1 - XML External Entity Injection via Job Configuration

Previous Page 30 of 51 Next

Details

Vulnerabilities 1,253

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy