Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,253 vulnerabilities with CWE-611

CVE-2019-4043 HIGH

IBM Sterling B2B Integrator 5.2.0-5.2.6.3 and 6.0.0.0 - XML External Entity Injection

CVE-2019-3481 HIGH

HP ArcSight Logger < 6.7 - XML External Entity Injection

CVE-2019-8997 MEDIUM

BlackBerry AtHoc < 7.6_hf-567 - XML External Entity Injection via Management Console

CVE-2019-9761 HIGH

PHPSHE 1.7 - Unauthenticated XML External Entity Injection via wechat_getxml

CVE-2019-5918 CRITICAL

Nablarch 5 and 5u1-5u13 - XML External Entity Injection

CVE-2019-0277 MEDIUM

SAP HANA Extended Application Services 1 - Authenticated XML External Entity Injection

CVE-2019-9658 MEDIUM

checkstyle < 8.18 - XML External Entity Injection

CVE-2019-1698 MEDIUM

Cisco IoT Field Network Director < 4.4(0.26) - Authenticated XML External Entity Injection via XML File Import

CVE-2019-0265 MEDIUM

SAP ABAP Platform Kernel 7.21-7.22 - Denial of Service via SLD Registration

CVE-2019-7722 HIGH

PMD < 5.8.1 - XML External Entity Injection in Ruleset File Parsing

CVE-2019-1003015 CRITICAL

Jenkins Job Import Plugin <2.1 - RCE

CVE-2019-3774 CRITICAL

Spring Batch < 3.0.9 - XML External Entity Injection

CVE-2019-3773 CRITICAL

Spring Web Services < 2.4.3 - XML External Entity Injection

CVE-2019-3772 CRITICAL

Spring Integration < 4.3.18 - XML External Entity Injection

CVE-2019-5748 CRITICAL

Traccar Server 4.2 - XML External Entity Injection in Spot Protocol Decoder

CVE-2019-5312 CRITICAL

.weixin-java-tools <3.3.0 - XML External Entity

CVE-2018-25142 CRITICAL

NovaRad NovaPACS Diagnostics Viewer <8.5.19.75 - XXE Injection

CVE-2018-25082 MEDIUM

zwczou WeChat SDK Python <0.5.5 - XML External Entity Reference

CVE-2018-1285 CRITICAL

Apache log4net < 2.0.10 - XML External Entity Injection in Configuration Parser

CVE-2018-20687 CRITICAL

Raritan CommandCenter Secure Gateway < 8.0.0 - Unauthenticated XML External Entity Injection via WSDL Endpoint

CVE-2018-14383 HIGH

Transition Technologies 'The Scheduler' app <5.1.3 - XXE

CVE-2018-17152 MEDIUM

Intersystems Cache <2017.2.2.865.0 - XML Injection

CVE-2018-20843 HIGH

libexpat < 2.2.7 - Denial of Service via XML Names with Excessive Colons

CVE-2018-15506 CRITICAL

BubbleUPnP 0.9 update 30 - XML External Entity Injection in SSDP/UPnP XML Parser

CVE-2018-18471 CRITICAL

Axentra Hipserv - XML External Entity Injection in REST Aggregator

Previous Page 35 of 51 Next

Details

Vulnerabilities 1,253

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy