Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-91

CWE-91

XML Injection (aka Blind XPath Injection)

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

114 vulnerabilities with CWE-91

IDC SFX Series 101 - XML Injection

CVE-2026-1554 MEDIUM

Jtenman Central Authentication System Server - Privilege Escalation

CVE-2022-50902 HIGH

Wondershare FamiSafe 1.0 - Code Injection

CVE-2025-1545 HIGH

WatchGuard Fireware OS <12.11.4-12.5.13 - Info Disclosure

CVE-2025-66034 MEDIUM

fontTools <4.60.2 - RCE

CVE-2025-12921 MEDIUM

OpenClinica Community Edition <3.12.2/3.13 - XML Injection

CVE-2025-7473 MEDIUM

Zohocorp ManageEngine EndPoint Central <11.4.2516.1 - XML Injection

CVE-2025-60833 MEDIUM

uzy-ssm-mall <v1.1.0 - XSS

CVE-2025-54251 MEDIUM

Adobe Experience Manager <6.5.23.0 - Code Injection

CVE-2025-24404 HIGH

Apache HertzBeat <1.7.0 - RCE

xmltodict <0.15.1 - XML Injection

CVE-2025-47184 MEDIUM

Exagid EX10 <6.4.0 P20-7.2.0 P08 - SSRF

CVE-2025-49538 HIGH

Adobe Coldfusion - Denial of Service

CVE-2025-25589 HIGH

yimioa <2024.07.04 - RCE

CVE-2024-47113 HIGH

IBM ICP - Voice Gateway <1.0.8 - RCE

CVE-2024-13190 MEDIUM

ZeroWdd myblog 1.0 - XML Injection

CVE-2024-53675 HIGH

HPE Insight Remote Support < 7.14.0.629 - XXE

CVE-2024-53674 HIGH

HPE Insight Remote Support < 7.14.0.629 - XXE

CVE-2024-11622 HIGH

HPE Insight Remote Support - Info Disclosure

CVE-2024-51136 CRITICAL

CVE-2024-34740 HIGH

Google Android - Integer Overflow

CVE-2024-42374 HIGH

BEx Web Java Runtime Export Web Service - Info Disclosure

CVE-2023-35858 MEDIUM

Modern Campus - Omni CMS 2023.1 - Info Disclosure

CVE-2024-33858 MEDIUM

Logpoint <7.4.0 - Path Injection

CVE-2023-32173 MEDIUM

Unified Automation UaGateway - XML Injection DoS

Page 1 of 5 Next

Details

Vulnerabilities 114

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy