Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-91

CWE-91

XML Injection (aka Blind XPath Injection)

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

116 vulnerabilities with CWE-91

CVE-2022-22784 HIGH

Zoom Client <5.10.0 - Code Injection

CVE-2022-20729 MEDIUM

Cisco Firepower Threat Defense - Command Injection

CVE-2022-25356 MEDIUM

Alt-N MDaemon Security Gateway <8.5.0 - XML Injection

CVE-2022-22834 HIGH

Overit Geocall < 8.0 - Remote Code Execution

CVE-2021-4140 CRITICAL

Firefox ESR < 91.5, Firefox < 96, Thunderbird < 91.5 - XSS

CVE-2021-27777 HIGH

XML Parser - XXE Injection

CVE-2021-38948 CRITICAL

IBM InfoSphere Information Server 11.7 - XXE

CVE-2021-22524 MEDIUM

NetIQ Access Manager <5.0.1, 4.5.4 - DoS

CVE-2021-39181 HIGH

OpenOlat <15.3.18, <15.5.3, <16.0.0 - Code Injection

CVE-2021-36033 CRITICAL

Magento Commerce <2.4.2-2.3.7 - Code Injection

CVE-2021-36028 CRITICAL

Magento Commerce <2.4.2-2.3.7 - Code Injection

CVE-2021-36022 CRITICAL

Magento Commerce <2.4.2-2.3.7 - Code Injection

CVE-2021-36020 HIGH

Magento Commerce <2.4.2-2.3.7 - Code Injection

CVE-2021-36359 HIGH

OrbiTeam BSCW Classic <7.4.3 - Authenticated RCE

CVE-2021-32758 HIGH

OpenMage Magento LTS <19.4.15, <20.0.11 - Command Injection

CVE-2021-37154 CRITICAL

ForgeRock AM <7.0.2 - Code Injection

CVE-2021-32796 MEDIUM

xmldom <0.7.0 - Info Disclosure

CVE-2021-2322 HIGH

OpenGrok <1.6.7 - RCE

CVE-2021-31347 MEDIUM

libezxml.a <0.8.6 - Memory Corruption

CVE-2021-21025 CRITICAL

Magento <2.4.1-2.3.6 - Code Injection

CVE-2021-21019 CRITICAL

Magento <2.4.1-2.3.6 - Code Injection

CVE-2020-29599 HIGH

ImageMagick <7.0.10-40 - Command Injection

CVE-2020-29128 CRITICAL

petl <1.68 - Info Disclosure

CVE-2020-4774 MEDIUM

IBM Curam Social Program Management <7.0.10 - Info Disclosure

CVE-2020-25216 CRITICAL

yWorks yEd Desktop <3.20.1 - Code Injection

Previous Page 3 of 5 Next

Details

Vulnerabilities 116

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy