Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,253 vulnerabilities with CWE-611

CVE-2019-14258 HIGH

Zenoss 2.5.3 - Unauthenticated XML External Entity Injection via XML-RPC Subsystem

CVE-2019-4424 HIGH

IBM Business Automation Workflow <19.0.0.2 - XXE

CVE-2019-4340 HIGH

IBM Security Guardium Big Data Intelligence 4.0 - XXE

CVE-2019-4433 HIGH

IBM InfoSphere Global Name Management <6.0 & Identity Insight <9.0 ...

CVE-2019-4419 HIGH

IBM Intelligent Operations Center <5.2.0 - XXE

CVE-2019-1187 MEDIUM

Windows XmlLite - Denial of Service via XML External Entity Injection

CVE-2019-1057 HIGH

Microsoft Windows - Remote Code Execution via MSXML Parser

CVE-2019-0340 MEDIUM

SAP Enable Now < 1902 - XML External Entity Injection via File Upload

CVE-2019-14693 HIGH

Zoho ManageEngine AssetExplorer <6.2.0 - XXE

CVE-2019-13176 HIGH

3CX Phone System Management Console - XML External Entity Injection

CVE-2019-4456 HIGH

IBM Daeja ViewONE 5.0.5-5.0.6 - XML External Entity Injection

CVE-2019-4062 HIGH

IBM i2 Intelligent Analysis Platform 9.0.0-9.1.1 - XML External Entity Injection

CVE-2019-10266 HIGH

Ahsay Cloud Backup Suite 7.7.0.0-8.1.1.50 - Unauthenticated XML External Entity Injection

CVE-2019-10264 HIGH

Ahsay Cloud Backup Suite < 8.1.1.50 - Authenticated XML External Entity Injection via Import Users Feature

CVE-2019-13990 CRITICAL

Terracotta Quartz Scheduler <2.3.0 - SSRF

CVE-2019-10976 MEDIUM

Mitsubishi Electric FR Configurator2 < 1.16s - XML External Entity Injection via Project/Template File Parsing

CVE-2019-2861 MEDIUM

Oracle Hyperion Planning 11.1.2.4 - XML External Entity Injection

CVE-2019-1010202 MEDIUM

Jeesite 1.2.7 - Authenticated XML External Entity Injection in ActProcessService

CVE-2019-7847 HIGH

Adobe Campaign Classic <18.10.5-8984 - XXE

CVE-2019-1010268 CRITICAL

Ladon 0.6.1-0.9.39 - XML External Entity Injection in SOAP Request Handlers

CVE-2019-13625 CRITICAL

Ghidra < 9.0.1 - XML External Entity Injection via Project File Import

CVE-2019-12924 CRITICAL

MailEnable 6.0-<6.90 - Unauthenticated XML External Entity Injection

CVE-2019-13358 HIGH

OpenCats < 0.9.4-3 - XML External Entity Injection via DOCX/ODT File Upload

CVE-2019-13031 HIGH

LemonLDAP::NG < 1.9.20 - XML External Entity Injection via Notification Server

CVE-2019-9843 HIGH

DiffPlug Spotless <1.20.0/<3.20.0 - Info Disclosure

Previous Page 33 of 51 Next

Details

Vulnerabilities 1,253

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy