VYPR

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Abstraction: Class · Status: Draft

Description

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-219

CVEs mapped to this weakness (65)

page 2 of 4
  • CVE-2015-10142 · Med · Jul 25, 2025
    risk 0.45 · cvss n/a · epss 0.00

    Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root…

  • CVE-2025-8057 · Med · Sep 16, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client. This issue affects HumanSuite: before 53.21.0.

  • CVE-2026-2536 · Med · Feb 16, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The…

  • CVE-2026-2074 · Med · Feb 7, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack…

  • CVE-2026-1218 · Med · Jan 20, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Performing a manipulation results in xml external entity reference. The attack is…

  • CVE-2025-13209 · Med · Nov 15, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument writeProp causes xml…

  • CVE-2025-11035 · Med · Sep 26, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit…

  • CVE-2025-5877 · Med · Jun 9, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation…

  • CVE-2025-2365 · Med · Mar 17, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely.…

  • CVE-2017-0211 · Med · Apr 12, 2017
    risk 0.40 · cvss 5.5 · epss 0.14

    An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege…

  • CVE-2026-30817 · Med · Apr 8, 2026
    risk 0.37 · cvss 5.7 · epss 0.00

    An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary…

  • CVE-2026-30816 · Med · Apr 8, 2026
    risk 0.37 · cvss 5.7 · epss 0.00

    An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary…

  • CVE-2025-15251 · Med · Dec 30, 2025
    risk 0.36 · cvss 5.6 · epss 0.00

    A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in…

  • CVE-2024-52792 · Med · Dec 17, 2024
    risk 0.35 · cvss 6.5 · epss 0.01

    LDAP Account Manager (LAM) is a PHP web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values that are set via `mainmanage.php` and `confmain.php`. This allows…

  • CVE-2024-6079 · Med · Aug 13, 2024
    risk 0.35 · cvss n/a · epss 0.00

    A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. The application loads shared libraries, which are readable and writable by any user. If exploited, a malicious user could leverage a malicious dll and…

  • CVE-2024-13177 · Med · Apr 15, 2025
    risk 0.34 · cvss n/a · epss 0.00

    Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a…

  • CVE-2026-3404 · Med · Mar 2, 2026
    risk 0.33 · cvss 5.0 · epss 0.00

    A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed from…

  • CVE-2017-15269 · Med · Nov 15, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server.

  • CVE-2020-8561 · Med · Sep 20, 2021
    risk 0.27 · cvss 4.1 · epss 0.02

    A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view…

  • CVE-2026-45003 · Med · May 11, 2026
    risk 0.26 · cvss 5.0 · epss 0.00

    OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.