Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,254 vulnerabilities with CWE-611

CVE-2017-1000496 HIGH

Commsy 9.0.0 - XML External Entity Injection in Configuration Import

CVE-2017-14101 CRITICAL

Conserus Image Repository <2.1.1.105 - XSS

CVE-2017-11286 HIGH

Adobe ColdFusion 2016 Update 4 and earlier, 11 Update 12 and earlier - XML External Entity Injection

CVE-2017-14949 HIGH

Restlet Framework < 2.3.12 - XML External Entity Injection via REST API HTTP Request

CVE-2017-14868 HIGH

Restlet Framework < 2.3.11 - XML External Entity Injection via SimpleXMLProvider

CVE-2017-1000190 CRITICAL

Apache Solr - XML External Entity Injection via SimpleXML Parser

CVE-2017-10889 MEDIUM

TablePress < 1.8.1 - XML External Entity Injection

CVE-2017-1477 HIGH

IBM Security Access Manager 9.0.3 - XML External Entity Injection

CVE-2017-9096 HIGH

iText < 5.5.12 and 7.x < 7.0.3 - XML External Entity Injection

CVE-2017-15639 MEDIUM

Mura CMS < 6.1 - XML External Entity Injection via RSS Feed Parser

CVE-2017-12629 CRITICAL

Apache Solr < 7.1 - Remote Code Execution via XXE in XML Query Parser

CVE-2017-10617 MEDIUM

Juniper Contrail 2.2-2.21.3, 3.0-3.0.3.3, 3.1-3.1.3.9, 3.2-3.2.4.9 - XML External Entity Injection via ifmap Service

CVE-2017-15280 MEDIUM

Umbraco CMS < 7.7.3 - XML External Entity Injection via Import Document Type Dialog

CVE-2017-12623 MEDIUM

Apache NiFi 1.0.0-1.3.0 - Authenticated XML External Entity Injection via Template Upload

CVE-2017-13706 CRITICAL

Lansweeper < 6.0.100.29 - Authenticated XML External Entity Injection in Import Package Functionality

CVE-2017-14759 CRITICAL

OpenText Document Sciences xPression <4.5SP1 Patch 13 - SSRF

CVE-2017-12620 CRITICAL

Apache OpenNLP 1.5.0-1.5.3 1.6.0 1.7.0-1.7.2 1.8.0-1.8.1 - XML External Entity Injection

CVE-2017-14527 HIGH

OpenText Documentum Webtop 6.8.0160.0073 - RCE

CVE-2017-14526 HIGH

OpenText Documentum Administrator 7.2.0180.0055 - RCE

CVE-2017-12621 CRITICAL

Apache Commons Jelly < 1.0.1 - XML External Entity Injection via Custom Doctype Entity

CVE-2017-1527 HIGH

IBM Business Process Manager 7.5, 8.0, and 8.5 - XML External Entity Injection

CVE-2017-8710 MEDIUM

Microsoft Windows 7 SP1, Server 2008 SP2/R2 SP1 - XXE in Common Console Document

CVE-2017-8918 MEDIUM

Blackwave Dive Assistant - Desktop Edition 8.0 - Info Disclosure

CVE-2017-8040 MEDIUM

Pivotal Cloud Foundry SSO 1.3.x < 1.3.4, 1.4.x < 1.4.3 - XXE via Dashboard Upload

CVE-2017-9095 MEDIUM

Diving Log < 6.0.9 - XML External Entity Injection via Subsurface Import

Previous Page 44 of 51 Next

Details

Vulnerabilities 1,254

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy