Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-91

CWE-91

XML Injection (aka Blind XPath Injection)

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

116 vulnerabilities with CWE-91

CVE-2026-32870 HIGH

Kirby has XML injection in its XML creator toolkit

CVE-2026-34601 HIGH

xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion

CVE-2026-28770 HIGH

IDC SFX Series 101 - XML Injection

CVE-2026-1554 MEDIUM

Jtenman Central Authentication System Server - Privilege Escalation

CVE-2025-1545 HIGH

WatchGuard Fireware OS <12.11.4-12.5.13 - Info Disclosure

CVE-2025-66034 MEDIUM

fontTools <4.60.2 - RCE

CVE-2025-12921 MEDIUM

OpenClinica Community Edition <3.12.2/3.13 - XML Injection

CVE-2025-7473 MEDIUM

Zohocorp ManageEngine EndPoint Central <11.4.2516.1 - XML Injection

CVE-2025-60833 MEDIUM

uzy-ssm-mall <v1.1.0 - XSS

CVE-2025-54251 MEDIUM

Adobe Experience Manager <6.5.23.0 - Code Injection

CVE-2025-24404 HIGH

Apache HertzBeat <1.7.0 - RCE

CVE-2025-9375 MEDIUM

xmltodict <0.15.1 - XML Injection

CVE-2025-47184 MEDIUM

Exagid EX10 <6.4.0 P20-7.2.0 P08 - SSRF

CVE-2025-49538 HIGH

Adobe Coldfusion - Denial of Service

CVE-2025-25589 HIGH

yimioa <2024.07.04 - RCE

CVE-2024-47113 HIGH

IBM ICP - Voice Gateway <1.0.8 - RCE

CVE-2024-13190 MEDIUM

ZeroWdd myblog 1.0 - XML Injection

CVE-2024-53675 HIGH

HPE Insight Remote Support < 7.14.0.629 - XXE

CVE-2024-53674 HIGH

HPE Insight Remote Support < 7.14.0.629 - XXE

CVE-2024-11622 HIGH

HPE Insight Remote Support - Info Disclosure

CVE-2024-51136 CRITICAL

CVE-2024-34740 HIGH

Google Android - Integer Overflow

CVE-2024-42374 HIGH

BEx Web Java Runtime Export Web Service - Info Disclosure

CVE-2024-33858 MEDIUM

Logpoint <7.4.0 - Path Injection

CVE-2024-28109 HIGH

Org.verapdf Core < 1.24.2 - Remote Code Execution

Page 1 of 5 Next

Details

Vulnerabilities 116

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy