CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,255 vulnerabilities with CWE-611
CVE-2011-4107 MEDIUM
phpMyAdmin <3.4.7.1 & <3.3.10.5 - XXE Injection
CVSS 6.5
CVE-2010-2245 HIGH
Apache Wink < 1.1.1 - XML External Entity Injection
CVSS 7.4
CVE-2010-3322 HIGH
Splunk 4.0.0-4.1.4 - Authenticated XML External Entity Injection
CVSS 8.8
CVE-2009-1699 HIGH
Apple Safari < 4.0 - XML External Entity Injection via XSL Stylesheet
CVSS 7.5
CVE-2005-1306 HIGH
Adobe Reader/Acrobat <7.0.1 - Info Disclosure
CVSS 7.5
Details
Vulnerabilities 1,255
Links
MITRE CWE Entry Search this CWE With Exploits