Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,253 vulnerabilities with CWE-611

CVE-2018-1424 HIGH

IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 - XML External Entity Injection

CVE-2018-15362 CRITICAL

GE Proficy Cimplicity GDS <10.0 - SSRF

CVE-2018-16792 CRITICAL

SolarWinds SFTP/SCP <2018-09-10 - Info Disclosure

CVE-2018-1730 HIGH

IBM QRadar SIEM 7.2-7.3 - XML External Entity Injection

CVE-2018-1905 HIGH

IBM WebSphere Application Server <9.0.0.10 - XXE

CVE-2018-19244 HIGH

Charles 4.2.7 - XML External Entity Injection via Import/Export Setup

CVE-2018-15444 MEDIUM

Cisco Energy Management Suite Software - Authenticated XML External Entity Injection via XML File Import

CVE-2018-17186 HIGH

Apache Syncope - XML External Entity Injection

CVE-2018-18980 HIGH

ManageEngine Network Configuration Manager & OpManager < 12.3.214 - XXE via RequestXML

CVE-2018-1846 HIGH

IBM Rational Engineering Lifecycle Manager 5.0-5.0.2 and 6.0-6.0.6 - XML External Entity Injection

CVE-2018-1835 HIGH

IBM Daeja ViewONE Professional, Standard & Virtual 5 - XML External Entity Injection

CVE-2018-17912 HIGH

CASE Suite < 3.10 - XML External Entity Injection via Parameter Entity Processing

CVE-2018-18737 HIGH

Douchat 4.0.4 - XML External Entity Injection via Data/notify.php

CVE-2018-18659 HIGH

Arcserve UDP - Unauthenticated XML External Entity Injection via /management/UdpHttpService

CVE-2018-1747 HIGH

IBM Security Key Lifecycle Manager 2.5-2.5.0.9 - XML External Entity Injection

CVE-2018-1844 HIGH

IBM FileNet Content Manager 5.2.1 and 5.5.0 - XML External Entity Injection

CVE-2018-12544 CRITICAL

Eclipse Vert.x 3.5.Beta1-3.5.3 - XML External Entity Injection via OpenAPI XML Type Validator

CVE-2018-8533 MEDIUM

Microsoft SQL Server Management Studio <18 - Info Disclosure

CVE-2018-8532 MEDIUM

Microsoft SQL Server Management Studio <18.0 - Info Disclosure

CVE-2018-8527 MEDIUM

Microsoft SQL Server Management Studio <18.0 - Info Disclosure

CVE-2018-8494 HIGH

Microsoft XML Core Services MSXML Parser - Remote Code Execution

CVE-2018-11796 HIGH

Apache Tika 0.1-1.19 - XML External Entity Injection via SAXParser Reset

CVE-2018-10614 HIGH

LeviStudioU 1.8.29 and 1.8.44 - XML External Entity Injection via Project XML File Processing

CVE-2018-17889 MEDIUM

WECON PI Studio < 4.2.34 and PI Studio HMI < 4.1.9 - XML External Entity Injection in Project File Parser

CVE-2018-0414 MEDIUM

Cisco Secure Access Control Server < 5.8 - Authenticated XML External Entity Injection via XML File Import

Previous Page 38 of 51 Next

Details

Vulnerabilities 1,253

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy