Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,254 vulnerabilities with CWE-611

CVE-2017-7907 MEDIUM

Schneider Electric Wonderware Historian Client < 2014 R2 SP1 - XML External Entity Injection

CVE-2017-7503 CRITICAL

Red Hat JBoss Enterprise Application Platform 7.0.5 - XML External Entity Injection via TransformerFactory

CVE-2017-1103 HIGH

IBM Rational Team Concert - XML External Entity Injection

CVE-2017-1149 HIGH

IBM UrbanCode Deploy 6.0-6.2 - XML External Entity Injection

CVE-2017-8110 CRITICAL

modified eCommerce Shopsoftware 2.0.2.2 rev 10690 - XML External Entity Injection in API Endpoint

CVE-2017-3548 MEDIUM

Oracle PeopleSoft Products <8.56 - Info Disclosure

CVE-2017-8056 MEDIUM

WatchGuard Fireware < 11.2.1 - Denial of Service via XML External Entity Injection

CVE-2017-5662 HIGH

Apache Batik < 1.9 - XML External Entity Injection

CVE-2017-5661 HIGH

Apache FOP < 2.2 - XML External Entity Injection via Malicious SVG File

CVE-2017-7457 MEDIUM

Moxa MX-AOPC Server 1.5 - Info Disclosure

CVE-2017-6895 CRITICAL

USB Pratirodh - XML External Entity Injection via usb.xml

CVE-2017-3811 MEDIUM

Cisco WebEx Meetings Server <2.6 - XSS

CVE-2017-6344 MEDIUM

Grails PDF Plugin 0.6 - XML External Entity Injection

CVE-2017-3839 MEDIUM

Cisco Secure Access Control System 5.8(2.5) - XML External Entity Injection

CVE-2017-6055 HIGH

eParakstitajs 3 < 1.3.8 - XML External Entity Injection via Crafted edoc File

CVE-2017-5992 HIGH

openpyxl < 2.4.2 - XML External Entity Injection via Crafted .xlsx Document

CVE-2016-15026 MEDIUM

3breadt dd-plist <1.17 - XML External Entity Reference

CVE-2016-15011 MEDIUM

e-Contract dssp <1.3.2 - XML External Entity Reference

CVE-2016-8526 HIGH

Aruba Airwave < 8.2.3.1 - XML External Entity Injection

CVE-2016-9491 MEDIUM

ManageEngine Applications Manager 12-13 < 13690 - Authenticated XML External Entity Injection

CVE-2016-9487 HIGH

EpubCheck 4.0.1 - XML External Entity Injection in EPUB File Validation

CVE-2016-0250 MEDIUM

IBM InfoSphere Information Governance Catalog <11.3.1.2, <11.5.0.1 ...

CVE-2016-0268 MEDIUM

IBM Financial Transaction Manager 2.1.1.2 and 3.0.0.x < fp0013 - Authenticated XML External Entity Injection

CVE-2016-0369 LOW

IBM Forms Experience Builder <8.6 - Info Disclosure

CVE-2016-0219 MEDIUM

IBM Rational Team Concert <6.0.1 - DoS

Previous Page 46 of 51 Next

Details

Vulnerabilities 1,254

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy