Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,253 vulnerabilities with CWE-611

CVE-2019-10080 MEDIUM

Apache NiFi 1.3.0-1.9.2 - XML External Entity Injection in XMLFileLookupService

CVE-2019-17085 MEDIUM

Micro Focus Operations Agent 12.0-12.11 - XML External Entity Injection

CVE-2019-10172 HIGH

org.codehaus.jackson:jackson-mapper-asl:1.9.x - XXE

CVE-2019-14678 CRITICAL

SAS XML Mapper 9.45 - XML External Entity Injection

CVE-2019-12331 HIGH

PHPOffice PhpSpreadsheet <1.8.0 - XXE

CVE-2019-8126 MEDIUM

Magento 2.2-2.2.10 and 2.3-2.3.3 - Authenticated XML External Entity Injection via XML Layout Processing

CVE-2019-18227 HIGH

Advantech WISE-PaaS/RMM < 3.3.29 - XML External Entity Injection

CVE-2019-9757 HIGH

LabKey Server <19.1.0 - Info Disclosure

CVE-2019-8087 HIGH

Adobe Experience Manager 6.2-6.5 - XML External Entity Injection

CVE-2019-8086 HIGH

Adobe Experience Manager 6.2-6.5 - XML External Entity Injection

CVE-2019-8082 HIGH

Adobe Experience Manager 6.2-6.4 - XML External Entity Injection

CVE-2019-18213 HIGH

XML Language Server < 0.9.1 - XML External Entity Injection via Crafted XML Document

CVE-2019-12415 MEDIUM

Apache POI < 4.1.0 - XML External Entity Injection via XSSFExportToXml

CVE-2019-10466 HIGH

Jenkins 360 FireLine Plugin < 1.7.2 - XML External Entity Injection

CVE-2019-14276 MEDIUM

WUSTL XNAT <1.7.5.3 - XML External Entity (XXE)

CVE-2019-1060 HIGH

Windows Remote Code Execution via MSXML Parser

CVE-2019-12711 MEDIUM

Cisco Unified Communications Manager - XML External Entity Injection

CVE-2019-16188 HIGH

HCL AppScan Source < 9.03.13 - XML External Entity Injection via .ozasmt File Import

CVE-2019-9488 MEDIUM

Trend Micro Deep Security Manager 10.x-11.x and Vulnerability Protection 2.0 - XML External Entity Injection

CVE-2019-16174 HIGH

Limesurvey <3.17.14 - Code Injection

CVE-2019-6179 HIGH

Lenovo XClarity Administrator < 2.5.0 and XClarity Integrator < 6.1.0/< 7.7.0 - XML External Entity Injection

CVE-2019-13608 HIGH KEV

Citrix StoreFront Server < 1903 - XML External Entity Injection

CVE-2019-15641 MEDIUM

Webmin < 1.930 - Authenticated XML External Entity Injection via xmlrpc.cgi

CVE-2019-15637 HIGH

Tableau Server 10.5-10.5.17 - XML External Entity Injection via Workbook

CVE-2019-4513 HIGH

IBM Security Access Manager for Enterprise Single Sign-On <8.2.2 - XXE

Previous Page 32 of 51 Next

Details

Vulnerabilities 1,253

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy