Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,253 vulnerabilities with CWE-611

CVE-2018-11586 CRITICAL

SearchBlox 8.6.7 - Unauthenticated XML External Entity Injection via REST API Status Endpoint

CVE-2018-1000198 MEDIUM

Jenkins Black Duck Hub Plugin <3.1.0 - SSRF

CVE-2018-10613 HIGH

GE MDS PulseNET and MDS PulseNET Enterprise <= 3.2.1 - XML External Entity Injection

CVE-2018-10653 CRITICAL

Citrix XenMobile Server <10.8 - XSS

CVE-2018-1309 CRITICAL

Apache NiFi < 1.6.0 - XML External Entity Injection in SplitXML Processor

CVE-2018-8010 MEDIUM

Apache Solr 6.0.0-6.6.3 and 7.0.0-7.3.0 - XML External Entity Injection in Config Files

CVE-2018-4942 HIGH

Adobe ColdFusion - XML External Entity Injection

CVE-2018-10832 MEDIUM

ModbusPal 1.6b - XML External Entity Injection via Crafted .xmpp or .xmpa Files

CVE-2018-1259 HIGH

Spring Data Commons 1.13-1.13.11 & 2.0-2.0.6 - XXE via Projection-Based Request Binding

CVE-2018-0765 HIGH

.NET and .NET Core - Denial of Service via XML Document Processing

CVE-2018-1247 HIGH

RSA Authentication Manager < 8.3 - XML External Entity Injection via Malicious DTD

CVE-2018-1183 CRITICAL

Dell EMC <8.4.0.8 - Info Disclosure

CVE-2018-10175 MEDIUM

Digital Guardian Management Console <7.1.2.0015 - SSRF

CVE-2018-10077 MEDIUM

Geist WatchDog Console 3.2.2 - Info Disclosure

CVE-2018-1308 HIGH

Apache Solr 1.2-6.6.2 and 7.0.0-7.2.1 - XML External Entity Injection via DataImportHandler Inline XML Parameter

CVE-2018-1421 HIGH

IBM WebSphere DataPower Appliances <7.6 - XXE

CVE-2018-9116 CRITICAL

WireMock < 2.16.0 - Unauthenticated XML External Entity Injection

CVE-2018-6225 MEDIUM

Trend Micro Email Encryption Gateway 5.5 - Authenticated XML External Entity Injection

CVE-2018-2401 MEDIUM

SAP Business Process Automation By Redwood - XML External Entity Injection

CVE-2018-1077 HIGH

Spacewalk 2.6 - XML External Entity Injection via API

CVE-2018-0878 LOW

Windows Remote Assistance - Information Disclosure via XML External Entity Processing

CVE-2018-1000124 CRITICAL

I Librarian I-librarian <4.8 - XML External Entity (XXE) SSRF

CVE-2018-1000090 HIGH

textpattern 4.6.2 - Denial of Service via XML External Entity Injection in Import XML Feature

CVE-2018-1000069 MEDIUM

FreePlane < 1.5.9 - XML External Entity Injection in Mindmap Loader

CVE-2018-5758 MEDIUM

Aurea Jive-n 9.0.2.1 - XML External Entity Injection via Upload File Functionality

Previous Page 41 of 51 Next

Details

Vulnerabilities 1,253

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy