Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-91

CWE-91

XML Injection (aka Blind XPath Injection)

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

128 vulnerabilities with CWE-91

CVE-2025-49538 HIGH

ColdFusion <= 2025.2, <= 2023.14, <= 2021.20 - XML Injection via Crafted XML or XPath Queries

CVE-2025-25589 HIGH

yimioa < v2024.07.04 - XML External Entity Injection in XMLParse.java

CVE-2024-47113 HIGH

IBM ICP - Voice Gateway <1.0.8 - RCE

CVE-2024-13190 MEDIUM

ZeroWdd myblog 1.0 - XML Injection via BlogMapper.xml findBlogList/getTotalBlogs Argument

CVE-2024-53675 HIGH

HPE Insight Remote Support < 7.14.0.629 - XML External Entity Injection

CVE-2024-53674 HIGH

HPE Insight Remote Support < 7.14.0.629 - XML External Entity Injection

CVE-2024-11622 HIGH

HPE Insight Remote Support - Info Disclosure

CVE-2024-51136 CRITICAL

OpenIMAJ Dmoz2CSV - XML External Entity Injection

CVE-2024-34740 HIGH

Android - Integer Overflow in BinaryXmlSerializer

CVE-2024-42374 HIGH

BEx Web Java Runtime Export Web Service - Info Disclosure

CVE-2024-33858 MEDIUM

Logpoint SIEM < 7.4.0 - Path Traversal and Arbitrary File Write via CSV Enrichment Source

CVE-2024-28109 HIGH

veraPDF-library < 1.24.2 - Remote Code Execution via Custom Schematron XSL Transformation

CVE-2024-2648 MEDIUM

Netentsec NS-ASG 6.3 - Improper Neutralization of Data within XPath...

CVE-2024-2645 MEDIUM

Netentsec NS-ASG Application Security Gateway 6.3 - XPath Injection

CVE-2024-25413 HIGH

FireBear Improved Import And Export <3.8.6 - SSRF

CVE-2023-35858 MEDIUM

Modern Campus - Omni CMS 2023.1 - Info Disclosure

CVE-2023-32173 MEDIUM

Unified Automation UaGateway - XML Injection DoS

CVE-2023-27328 HIGH

Parallels Desktop < 18.1.1 (53328) - Local Privilege Escalation via Toolgate XML Injection

CVE-2023-46214 HIGH

Splunk Enterprise <9.0.7-9.1.2 - RCE

CVE-2023-43187 CRITICAL

NodeBB < 1.18.6 - Remote Code Execution via XML-RPC Request

CVE-2023-40612 MEDIUM

OpenMNS Horizon <32.0.2 - XXE Injection

CVE-2023-38207 HIGH

Adobe Commerce <2.4.6-p1, <2.4.5-p3, <2.4.4-p4 - XML Injection

CVE-2023-29289 MEDIUM

Adobe Commerce <2.4.6 - XML Injection

CVE-2023-22247 HIGH

Adobe Commerce <2.4.4-p2, 2.4.5-p1 - XML Injection

CVE-2023-27253 HIGH

Netgate pfSense <2.7.0 - Command Injection

Previous Page 2 of 6 Next

Details

Vulnerabilities 128

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy