Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-91

CWE-91

XML Injection (aka Blind XPath Injection)

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

128 vulnerabilities with CWE-91

CVE-2023-22485 MEDIUM

cmark-gfm < 0.29.0.gfm.7 - Out-of-bounds Read in validate_protocol

CVE-2022-50902 HIGH

Wondershare FamiSafe 1.0 - Code Injection

CVE-2022-32755 MEDIUM

IBM Security Directory Server 6.4.0 - XML External Entity Injection

CVE-2022-4245 MEDIUM

plexus-utils < 3.0.24 - XML External Entity Injection via Unsanitized Comment Handling

CVE-2022-46751 HIGH

Apache Ivy < 2.5.2 - XML External Entity Injection via DTD Processing

CVE-2022-35259 HIGH

Endpoint Manager <2022.3 - Code Injection

CVE-2022-27233 MEDIUM

Intel Quartus Prime < 21.1, < 22.1 - Unauthenticated XML Injection

CVE-2022-22244 MEDIUM

Juniper Networks Junos OS <19.1R3-S9, <19.2R3-S6, <19.3R3-S7, <19.4...

CVE-2022-22243 MEDIUM

Juniper Networks Junos OS <19.1R3-S9-20 - XPath Injection

CVE-2022-34253 HIGH

Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Code Injection

CVE-2022-2458 HIGH

Red Hat Process Automation Manager < 7.13.1 - XML External Entity Injection in Business Central and Kie-Server APIs

CVE-2022-33739 HIGH

CA Clarity <15.9.0 - Info Disclosure

CVE-2022-22784 HIGH

Zoom Client <5.10.0 - Code Injection

CVE-2022-20729 MEDIUM

Cisco Firepower Threat Defense - Command Injection

CVE-2022-25356 MEDIUM

Alt-N MDaemon Security Gateway <8.5.0 - XML Injection

CVE-2022-22834 HIGH

OverIT Geocall < 8.0 - Authenticated Remote Code Execution via XSLT Injection

CVE-2021-4140 CRITICAL

Firefox ESR < 91.5, Firefox < 96, Thunderbird < 91.5 - XSS

CVE-2021-27777 HIGH

HCL Unica < 12.1.1 - XML External Entity Injection

CVE-2021-38948 CRITICAL

IBM InfoSphere Information Server 11.7 - XXE

CVE-2021-22524 MEDIUM

NetIQ Access Manager <5.0.1, 4.5.4 - DoS

CVE-2021-39181 HIGH

OpenOlat <15.3.18, <15.5.3, <16.0.0 - Code Injection

CVE-2021-36033 CRITICAL

Magento Commerce <2.4.2-2.3.7 - Code Injection

CVE-2021-36028 CRITICAL

Magento Commerce <2.4.2-2.3.7 - Code Injection

CVE-2021-36022 CRITICAL

Magento Commerce <2.4.2-2.3.7 - Code Injection

CVE-2021-36020 HIGH

Magento Commerce <2.4.2-2.3.7 - Code Injection

Previous Page 3 of 6 Next

Details

Vulnerabilities 128

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy