Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,254 vulnerabilities with CWE-611

CVE-2016-5002 HIGH

Apache XML-RPC 3.1.3 - XML External Entity Injection via Crafted DTD

CVE-2016-4434 HIGH

Apache Tika < 1.13 - XML External Entity Injection via OOXML Spreadsheets and XMP Metadata

CVE-2016-5795 HIGH

ALC Liebert SiteScan <6.5 - XSS

CVE-2016-8739 HIGH

Apache CXF <3.0.12, <3.1.9 - Info Disclosure

CVE-2016-6798 CRITICAL

Apache Sling XSS Protection API < 1.0.12 - XML External Entity Injection via Insecure SAX Parser

CVE-2016-9698 HIGH

IBM Rhapsody DM 4.0-6.0 - XML External Entity Injection

CVE-2016-0254 MEDIUM

IBM Cognos Business Intelligence <10.2 - DoS

CVE-2016-6256 CRITICAL

SAP Business One for Android <1.2.3 - XSS

CVE-2016-9691 HIGH

IBM WebSphere Cast Iron Solution 7.0.0-7.5.0.0 - XML External Entity Injection

CVE-2016-7051 HIGH

jackson-dataformat-xml < 2.7.8 - Server-Side Request Forgery via DTD Processing

CVE-2016-6805 MEDIUM

Apache Ignite < 1.9 - XML External Entity Injection via Update-Notifier Documents

CVE-2016-9707 HIGH

IBM Rational Rhapsody Design Manager - XML External Entity Injection

CVE-2016-6111 CRITICAL

IBM Curam Social Program Management <7.0 - DoS

CVE-2016-9924 CRITICAL

Zimbra Collaboration Suite < 8.7.3 - XML External Entity Injection

CVE-2016-10149 HIGH

PySAML2 < 4.4.0 - XML External Entity Injection via SAML XML Request or Response

CVE-2016-5749 MEDIUM

NetIQ Access Manager <4.1.2-4.2.2 - Info Disclosure

CVE-2016-5748 MEDIUM

NetIQ Access Manager <4.1.2-4.2.2 - Info Disclosure

CVE-2016-4931 MEDIUM

Junos Space < 15.2 - XML External Entity Injection

CVE-2016-9724 HIGH

IBM QRadar SIEM 7.2 - XML External Entity Injection

CVE-2016-10127 CRITICAL

PySAML2 < 4.5.0 - XML External Entity Injection via SAML XML Request or Response

CVE-2016-8974 HIGH

IBM Rational Rhapsody Design Manager 4.0-6.0 - XML External Entity Injection

CVE-2016-4312 HIGH

WSO2 Identity Server 5.1.0 - Authenticated XML External Entity Injection via XACML Request

CVE-2016-9706 CRITICAL

IBM Integration Bus 9.0-10.0 and WebSphere Message Broker - XML External Entity Injection in SOAP FLOWS

CVE-2016-8348 CRITICAL

Emerson Liebert SiteScan <6.5 - XSS

CVE-2016-8980 HIGH

IBM BigFix Inventory 9.2 - XML External Entity Injection

Previous Page 47 of 51 Next

Details

Vulnerabilities 1,254

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy