Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,254 vulnerabilities with CWE-611

CVE-2015-1811 HIGH

CloudBees Jenkins < 1.596.1 and < 1.600 - XML External Entity Injection

CVE-2015-1809 HIGH

CloudBees Jenkins < 1.600 and LTS < 1.596.1 - XML External Entity Injection via XPath Query

CVE-2015-8549 HIGH

PyAMF < 0.8.0 - XML External Entity Injection via AMF Payload

CVE-2015-3907 CRITICAL

CodeIgniter Rest Server <2.7.1 - XML External Entity Injection

CVE-2015-9280 CRITICAL

MailEnable < 8.60 - XML External Entity Injection via Options Parameter

CVE-2015-7461 MEDIUM

IBM Connections < 3.0.1.1, 4.0, 4.5, 5.0 < CR4 - Authenticated XML External Entity Injection

CVE-2015-7241 CRITICAL

SAP NetWeaver < 7.0 - XML External Entity Injection

CVE-2015-3160 MEDIUM

Beaker < 20.0 - Authenticated XML External Entity Injection via Job XML Submission

CVE-2015-0194 MEDIUM

IBM Sterling B2B Integrator and Sterling File Gateway - XML External Entity Injection

CVE-2015-7326 CRITICAL

Milton Webdav < 2.7.0.1 - XML External Entity Injection

CVE-2015-7273 CRITICAL

Dell iDRAC 7/8 < 2.21.21.21 - XML External Entity Injection

CVE-2015-7743 MEDIUM

PRTG Network Monitor <16.2.23.3077-3078 - Info Disclosure

CVE-2015-1832 CRITICAL

Apache Derby < 10.12.1.1 - XML External Entity Injection via SqlXmlUtil

CVE-2015-8866 CRITICAL

PHP < 5.5.22 - XML External Entity Injection via libxml_disable_entity_loader Bypass

HP WebInspect 7.8-10.4 - Authenticated XML External Entity Injection

XML::LibXML < 2.0119 - XML External Entity Injection via _clone Function

CVE-2014-125087 MEDIUM

java-xmlbuilder < 1.2 - XML External Entity Injection

CVE-2014-2052 CRITICAL

Zend Framework <6.0.2 - Info Disclosure

CVE-2014-5238 HIGH

Open-Xchange AppSuite < 7.4.2-rev11 and 7.6.x < 7.6.0-rev9 - XXE via OpenDocument Text Document

CVE-2014-3643 HIGH

jersey < 1.13 - XML External Entity Injection via SAX Parser

CVE-2014-3599 MEDIUM

HornetQ REST < 2.5.0.Beta1 - XML External Entity Injection via Insecure RestEasy Configuration

CVE-2014-2296 HIGH

Apero CAS Server < 3.4.12.1 - Unauthenticated XML External Entity Injection in SamlUtils

CVE-2014-0950 HIGH

IBM Rational ClearQuest 7.1.1-7.1.1.9, 7.1.2-7.1.2.13, 8.0.0-8.0.0.10, 8.0.1-8.0.1.3 - XML External Entity Injection

CVE-2014-0931 CRITICAL

IBM Rational ClearCase 7.1-7.1.2.13, 8.0-8.0.0.10, 8.0.1-8.0.1.3 - XML External Entity Injection

CVE-2014-3990 CRITICAL

OpenCart < 1.5.6.4 - Server-Side Request Forgery and XML External Entity Injection via Cart Update

Previous Page 49 of 51 Next

Details

Vulnerabilities 1,254

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy