Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-776

CWE-776

Medium likelihood

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Parent: CWE-674 - Uncontrolled Recursion

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

71 vulnerabilities with CWE-776

CVE-2022-25857 HIGH

Snakeyaml < 1.31 - XML Entity Expansion

CVE-2022-0217 HIGH

Prosody - Info Disclosure

CVE-2022-33977 HIGH

untangle <1.2.0 - DoS

CVE-2022-34467 MEDIUM

Mendix Excel Importer < 9.2.2 - XML Entity Expansion

CVE-2022-26662 HIGH

Tryton Application Platform <5.0.45-6.2.5 - DoS

CVE-2022-23640 CRITICAL

Excel Streaming Reader < 2.1.0 - XXE

CVE-2021-41559 MEDIUM

Silverstripe < 4.10.9 - XML Entity Expansion

CVE-2021-40511 HIGH

OBDA systems' Mastro 1.0 - DoS

CVE-2021-20464 MEDIUM

IBM Cognos Analytics <11.2.0 - DoS

CVE-2021-31842 MEDIUM

Mcafee Endpoint Security < 10.7.0 - XML Entity Expansion

CVE-2021-38490 HIGH

Altova MobileTogether Server <7.3 SP1 - Info Disclosure

CVE-2021-3541 MEDIUM

CVE-2021-32623 HIGH

Apereo Opencast < 9.6 - XML Entity Expansion

CVE-2021-23926 CRITICAL

Apache Xmlbeans < 2.6.0 - XML Entity Expansion

CVE-2021-1267 MEDIUM

Cisco Secure Firewall Management Center < 6.6.1 - XML Entity Expansion

CVE-2020-15303 MEDIUM

Infoblox NIOS <8.5.2 - SSRF

CVE-2020-24665 MEDIUM

Hitachi Vantara Pentaho <7.1.0.25-<8.2.0.6-<8.3.0.0 - XML Entity Ex...

CVE-2020-24590 CRITICAL

WSO2 API Manager <3.1.0, API Microgateway 2.2.0 - SSRF

CVE-2020-11462 HIGH

Openvpn Access Server < 2.7.0 - XML Entity Expansion

CVE-2020-3946 HIGH

InstallBuilder <19.11 - DoS

CVE-2020-2172 MEDIUM

Jenkins Code Coverage API < 1.1.4 - XML Entity Expansion

CVE-2020-6856 MEDIUM

Sos-berlin Jobscheduler - XML Entity Expansion

CVE-2020-5227 MEDIUM

Feedgen < 0.9.0 - XML Entity Expansion

CVE-2019-19144 CRITICAL

Quantum DXi6702 <2.3.0.3 - SSRF

CVE-2019-20104 HIGH

Atlassian Crowd < 3.2.11 - XML Entity Expansion

Previous Page 2 of 3 Next

Details

Vulnerabilities 71

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy