CWE-91
XML Injection (aka Blind XPath Injection)
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
116 vulnerabilities with CWE-91
CVE-2020-6271
HIGH
SAP Solution Manager <7.2 - Memory Corruption
CVSS 8.2
CVE-2020-6260
MEDIUM
SAP Solution Manager <7.20 - Info Disclosure
CVSS 5.3
CVE-2020-8479
CRITICAL
ABB products - Path Traversal
CVSS 9.4
CVE-2020-11535
CRITICAL
ONLYOFFICE Document Server 5.5.0 - Code Injection
CVSS 9.8
CVE-2020-0646
CRITICAL
KEV
Microsoft .NET Framework - Remote Code Execution
CVSS 9.8
CVE-2019-19450
CRITICAL
ReportLab <3.5.31 - RCE
CVSS 9.8
CVE-2019-25137
HIGH
Umbraco CMS <7.15.10 - Authenticated RCE
CVSS 7.2
CVE-2019-8158
CRITICAL
Magento <2.2.10, 2.3.<3, 2.3.2-p1 - XPath Injection
CVSS 9.8
CVE-2019-17323
HIGH
ClipSoft REXPERT <1.0.0.527 - Code Injection
CVSS 8.8
CVE-2019-17626
CRITICAL
Reportlab < 3.5.26 - Remote Code Execution
CVSS 9.8
CVE-2019-0370
MEDIUM
SAP Financial Consolidation <10.0-10.1 - XPath Injection
CVSS 6.5
CVE-2019-4539
HIGH
IBM Security Directory Server 6.4.0 - XSS
CVSS 7.1
CVE-2019-16941
CRITICAL
NSA Ghidra <9.0.4 - RCE
CVSS 9.8
CVE-2019-14277
CRITICAL
Axway SecureTransport <5.3-5.5 - Unauthenticated XXE
CVSS 9.8
CVE-2019-1010017
HIGH
libnmap < 0.6.3 - XML Injection
CVSS 7.5
CVE-2019-9892
MEDIUM
OTRS <5.0.34, <6.0.17, <7.0.6 - Info Disclosure
CVSS 6.5
CVE-2019-0268
HIGH
SAP BusinessObjects <4.30 - Info Disclosure
CVSS 8.1
CVE-2018-1721
HIGH
IBM Cognos Analytics - XXE
CVSS 8.8
CVE-2018-19277
HIGH
PHPOffice PhpSpreadsheet <1.5.0 - XSS
CVSS 8.8
CVE-2018-2477
HIGH
SAP NetWeaver <7.51 - Info Disclosure
CVSS 8.8
CVE-2018-16784
HIGH
DedeCMS 5.7 SP2 - Code Injection
CVSS 7.2
CVE-2018-16785
HIGH
DedeCMS V5.7 SP2 - Code Injection
CVSS 8.8
CVE-2018-1000632
HIGH
dom4j <2.1.1 - XML Injection
CVSS 7.5
CVE-2018-1000526
HIGH
Openpsa - XML Injection
CVSS 7.5
CVE-2017-15685
HIGH
Craftercms Crafter Cms < 3.0.1 - XXE
CVSS 8.6