Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,254 vulnerabilities with CWE-611

CVE-2017-12216 HIGH

Cisco SocialMiner - XML External Entity Injection via Crafted XML File Import

CVE-2017-9458 CRITICAL

Palo Alto Networks PAN-OS XML External Entity Injection in GlobalProtect Gateway Interface

CVE-2017-1458 HIGH

IBM QRadar Network Security 5.4 - XML External Entity Injection

CVE-2017-12069 HIGH

OPC Foundation UA .NET Sample Code <2017-03-21 - XXE

CVE-2017-11272 HIGH

Adobe Digital Editions < 4.5.5 - Exposure of Sensitive Information

CVE-2017-1192 HIGH

IBM Sterling B2B Integrator 5.2 - XXE

CVE-2017-11390 HIGH

Trend Micro Control Manager 6.0 - XML External Entity Injection

CVE-2017-1383 CRITICAL

IBM InfoSphere Information Server <11.5 - XXE

CVE-2017-9233 HIGH

libexpat < 2.2.0 - XML External Entity Injection via Malformed External Entity Definition

CVE-2017-11457 MEDIUM

SAP NetWeaver AS JAVA 7.5 - Authenticated XML External Entity Injection in com.sap.km.cm.ice

CVE-2017-1219 MEDIUM

IBM BigFix Platform - XML External Entity Injection

CVE-2017-7664 CRITICAL

Apache OpenMeetings 3.1.0 - Info Disclosure

CVE-2017-1000061 HIGH

xmlsec <1.2.23 - Info Disclosure/DoS

CVE-2017-1000021 HIGH

LogicalDoc CE <7.5.3 - Info Disclosure

CVE-2017-8557 MEDIUM

Windows System Information Console - Information Disclosure via XML External Entity Injection

CVE-2017-0170 MEDIUM

Windows Performance Monitor - XML External Entity Injection

CVE-2017-1254 HIGH

IBM Security Guardium 10.0 - XML External Entity Injection

CVE-2017-10670 CRITICAL

OSCI Transport Library 1.6.1 (Java) and 1.6 (.NET) - XML External Entity Injection via OSCI Message

CVE-2017-1322 HIGH

IBM API Connect 5.0.6.0 - XML External Entity Injection

CVE-2017-6662 HIGH

Cisco Prime Infrastructure 1.1-3.1.6 & Evolved Programmable Network Manager 1.2-2.1 - Authenticated RCE via XXE

CVE-2017-9231 HIGH

Citrix XenMobile Server <10.5 - Info Disclosure

CVE-2017-2308 MEDIUM

Juniper Networks Junos Space <16.1R1 - Info Disclosure

CVE-2017-9295 MEDIUM

Hitachi Device Manager < 8.5.2 - Authenticated XML External Entity Injection

CVE-2017-8913 HIGH

SAP NetWeaver AS JAVA 7.5 - Authenticated XML External Entity Injection in Visual Composer VC70RUNTIME

CVE-2017-1289 HIGH

IBM SDK for Java Technology < 6 - XML External Entity Injection

Previous Page 45 of 51 Next

Details

Vulnerabilities 1,254

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy