Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,255 vulnerabilities with CWE-611

CVE-2014-3990 CRITICAL

OpenCart < 1.5.6.4 - Server-Side Request Forgery and XML External Entity Injection via Cart Update

CVE-2014-3244 CRITICAL

SugarCRM < 6.5.16 - XML External Entity Injection via RSSDashlet

CVE-2014-3005 CRITICAL

Zabbix 1.8.x-1.8.20 2.0.x-2.0.12 2.2.x-2.2.4 2.3.x-2.3.1 - XML External Entity Injection via DTD in XML Request

CVE-2014-3630 CRITICAL

Play Framework < 2.2.6 and 2.3.x < 2.3.5 - XML External Entity Injection

CVE-2014-3600 CRITICAL

Apache ActiveMQ 5.x < 5.10.1 - XML External Entity Injection via XPath Selector

CVE-2014-3579 CRITICAL

Apache ActiveMQ Apollo 1.0.0-1.7.0 - XML External Entity Injection via XPath Selector

CVE-2014-9487 CRITICAL

MediaWiki <1.24.1, 1.23.8, 1.22.15, 1.19.23 - Info Disclosure

CVE-2014-0030 CRITICAL

Apache Roller - XML External Entity Injection

CVE-2014-0225 HIGH

Spring Framework 3.0.0-3.2.8 and 4.0.0-4.0.4 - XML External Entity Injection

Castor < 1.3.3 - XML External Entity Injection via Default Xerces SAX Parser Configuration

CVE-2013-4334 CRITICAL

opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0 - XML External Entity Injection

CVE-2013-4333 CRITICAL

OpenPNE 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 - XML External Entity Injection

Spring Framework < 3.2.5 - XML External Entity Injection and Cross-Site Request Forgery via Unsafe XML Parsing

libexpat < 2.4.0 - XML External Entity Injection

Redhat Enterprise Linux < 10.8.5 - XXE

ModSecurity < 2.7.3 - XML External Entity Injection

CVE-2012-1102 HIGH

XML::Atom < 0.39 - XML External Entity Injection

CVE-2012-2656 HIGH

Restlet 1.1.10 - XML External Entity Injection via XML Transport Endpoint

CVE-2012-3363 CRITICAL

Zend Framework 1.x < 1.11.12 and 1.12.x < 1.12.0 - XML External Entity Injection via XML-RPC Request

CVE-2012-5656 MEDIUM

Inkscape < 0.48.4 - XML External Entity Injection via SVG File Processing

CVE-2012-2239 CRITICAL

Mahara 1.4.0-1.4.3 and 1.5.0-1.5.2 - XML External Entity Injection

CVE-2012-4399 HIGH

CakePHP 2.1.0-2.1.4 and 2.1.0-alpha-2.1.4 - XML External Entity Injection

CVE-2012-3489 MEDIUM

PostgreSQL 8.3.0-8.3.19, 8.4.0-8.4.12, 9.0.0-9.0.8, 9.1.0-9.1.4 - XXE Injection via xml_parse

CVE-2012-0037 MEDIUM

Redland Raptor < 2.0.7 - XML External Entity Injection via RDF Document

CVE-2011-3600 HIGH

Apache OFBiz 16.11.01-16.11.04 - XML External Entity Injection via XML-RPC Endpoint

Previous Page 50 of 51 Next

Details

Vulnerabilities 1,255

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy