Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-91

CWE-91

XML Injection (aka Blind XPath Injection)

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

116 vulnerabilities with CWE-91

CVE-2024-2648 MEDIUM

Netentsec NS-ASG 6.3 - Improper Neutralization of Data within XPath...

CVE-2024-2645 MEDIUM

Netentsec NS-ASG Application Security Gateway 6.3 - XPath Injection

CVE-2024-25413 HIGH

FireBear Improved Import And Export <3.8.6 - SSRF

CVE-2023-35858 MEDIUM

Modern Campus - Omni CMS 2023.1 - Info Disclosure

CVE-2023-32173 MEDIUM

Unified Automation UaGateway - XML Injection DoS

CVE-2023-27328 HIGH

Parallels Desktop < 18.1.1_\(53328\) - Privilege Escalation

CVE-2023-46214 HIGH

Splunk Enterprise <9.0.7-9.1.2 - RCE

CVE-2023-43187 CRITICAL

NodeBB <1.18.6 - RCE

CVE-2023-40612 MEDIUM

OpenMNS Horizon <32.0.2 - XXE Injection

CVE-2023-38207 HIGH

Adobe Commerce <2.4.6-p1, <2.4.5-p3, <2.4.4-p4 - XML Injection

CVE-2023-29289 MEDIUM

Adobe Commerce <2.4.6 - XML Injection

CVE-2023-22247 HIGH

Adobe Commerce <2.4.4-p2, 2.4.5-p1 - XML Injection

CVE-2023-27253 HIGH

Netgate pfSense <2.7.0 - Command Injection

CVE-2023-22485 MEDIUM

Github Cmark-gfm < 0.29.0.gfm.7 - Out-of-Bounds Access

CVE-2022-50902 HIGH

Wondershare FamiSafe 1.0 - Code Injection

CVE-2022-32755 MEDIUM

IBM Security Directory Server - XXE

CVE-2022-4245 MEDIUM

Codehaus-plexus Plexus-utils < 3.0.24 - XXE

CVE-2022-46751 HIGH

Apache Ivy <2.5.2 - XML Injection

CVE-2022-35259 HIGH

Endpoint Manager <2022.3 - Code Injection

CVE-2022-27233 MEDIUM

Intel Quartus Prime < 21.1 - Information Disclosure

CVE-2022-22244 MEDIUM

Juniper Networks Junos OS <19.1R3-S9, <19.2R3-S6, <19.3R3-S7, <19.4...

CVE-2022-22243 MEDIUM

Juniper Networks Junos OS <19.1R3-S9-20 - XPath Injection

CVE-2022-34253 HIGH

Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Code Injection

CVE-2022-2458 HIGH

Redhat Process Automation Manager < 7.13.1 - XXE

CVE-2022-33739 HIGH

CA Clarity <15.9.0 - Info Disclosure

Previous Page 2 of 5 Next

Details

Vulnerabilities 116

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy