CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,253 vulnerabilities with CWE-611
CVE-2020-2092 HIGH
Jenkins Robot Framework < 2.0.0 - XML External Entity Injection
CVSS 8.8
CVE-2020-6958 CRITICAL
Yet Another Java Service Wrapper 12.14 - XML External Entity Injection in JnlpSupport
CVSS 9.1
CVE-2019-25253 HIGH
KYOCERA Net Admin 3.4.0906 - XXE Injection
CVSS 7.5
CVE-2019-3752 HIGH
Dell EMC Avamar Server and Integrated Data Protection Appliance - XML External Entity Injection
CVSS 8.2
CVE-2019-4730 HIGH
IBM Cognos Analytics 11.0 and 11.1 - XML External Entity Injection
CVSS 7.1
CVE-2019-18943 MEDIUM
Micro Focus Solutions Business Manager <11.7.1 - XXE
CVSS 6.1
CVE-2019-17637 HIGH
Eclipse Web Tools Platform < 3.18 - XML External Entity Injection via DTD File Processing
CVSS 7.1
CVE-2019-4391 HIGH
HCL AppScan Standard < 9.0.3.14 - XML External Entity Injection
CVSS 8.2
CVE-2019-20627 CRITICAL
AutoUpdater.NET < 1.5.8 - XML External Entity Injection in AutoUpdater.cs
CVSS 9.8
CVE-2019-20191 HIGH
Oxygen XML Editor < 21.1.1 - XML External Entity Injection
CVSS 7.5
CVE-2019-6194 MEDIUM
Lenovo XClarity Administrator < 2.6.6 - XML External Entity Injection
CVSS 5.7
CVE-2019-10782 MEDIUM
checkstyle < 8.29 - XML External Entity Injection
CVSS 5.3
CVE-2019-4707 HIGH
IBM Security Access Manager Appliance 9.0.7.0 - XXE
CVSS 7.1
CVE-2019-18412 HIGH
JetBrains IDETalk < 193.4099.10 - XML External Entity Injection
CVSS 7.5
CVE-2019-17020 MEDIUM
Firefox < 72.0 - Content Security Policy Bypass via XSL Stylesheet
CVSS 6.5
CVE-2019-15983 MEDIUM
Cisco Data Center Network Manager < 11.3(1) - Authenticated XML External Entity Injection via SOAP API
CVSS 4.9
CVE-2019-20153 MEDIUM
Determine Contract Lifecycle Management v5.4 - Authenticated XML External Entity Injection via Definition Upload Feature
CVSS 4.9
CVE-2019-3768 MEDIUM
RSA Authentication Manager < 8.4 P7 - Authenticated XML External Entity Injection
CVSS 6.5
CVE-2019-19032 HIGH
XMLBlueprint <16.191112 - XML External Entity Injection
CVSS 8.1
CVE-2019-19031 HIGH
Easy XML Editor <1.7.8 - XML External Entity Injection
CVSS 8.1
CVE-2019-19998 HIGH
Xiuno BBS 4.0 - XML External Entity Injection via WeChat Public Plugin Token Route
CVSS 7.5
CVE-2019-16549 HIGH
Jenkins Maven Release Plugin <0.16.1 - XXE
CVSS 8.1
CVE-2019-19702 HIGH
modoboa-dmarc < 1.2.0 - XML External Entity Injection via DMARC Report Processing
CVSS 7.5
CVE-2019-11216 MEDIUM
BMC Remedy Smart Reporting 9.1.03 - Authenticated XML External Entity Injection via Import Functionality
CVSS 6.5
CVE-2019-17554 MEDIUM
Apache Olingo 4.0.0-4.6.0 - XML External Entity Injection via XML Content Type Deserialization
CVSS 5.5