Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-91

CWE-91

XML Injection (aka Blind XPath Injection)

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

128 vulnerabilities with CWE-91

CVE-2021-36359 HIGH

OrbiTeam BSCW Classic <7.4.3 - Authenticated RCE

CVE-2021-32758 HIGH

OpenMage Magento LTS <19.4.15, <20.0.11 - Command Injection

CVE-2021-37154 CRITICAL

ForgeRock AM <7.0.2 - Code Injection

CVE-2021-32796 MEDIUM

xmldom < 0.7.0 - XML Injection via Improper Character Escaping

CVE-2021-2322 HIGH

OpenGrok <= 1.6.7 - Authenticated Remote Code Execution via Web App

CVE-2021-31347 MEDIUM

libezxml.a <0.8.6 - Memory Corruption

CVE-2021-21025 CRITICAL

Magento <2.4.1-2.3.6 - Code Injection

CVE-2021-21019 CRITICAL

Magento <2.4.1-2.3.6 - Code Injection

CVE-2020-29599 HIGH

ImageMagick <7.0.10-40 - Command Injection

CVE-2020-29128 CRITICAL

petl < 1.6.8 - XML External Entity Injection

CVE-2020-4774 MEDIUM

IBM Curam Social Program Management <7.0.10 - Info Disclosure

CVE-2020-25216 CRITICAL

yWorks yEd Desktop <3.20.1 - Code Injection

CVE-2020-6271 HIGH

SAP Solution Manager <7.2 - Memory Corruption

CVE-2020-6260 MEDIUM

SAP Solution Manager <7.20 - Info Disclosure

CVE-2020-8479 CRITICAL

ABB Ability System 800xA and related products - XML External Entity Injection

CVE-2020-11535 CRITICAL

ONLYOFFICE Document Server 5.5.0 - Code Injection

CVE-2020-0646 CRITICAL KEV

.NET Framework - Remote Code Execution via XML Injection

CVE-2019-19450 CRITICAL

ReportLab < 3.5.31 - Remote Code Execution via Unichar Element in XML Document

CVE-2019-25137 HIGH

Umbraco CMS <7.15.10 - Authenticated RCE

CVE-2019-8158 CRITICAL

Magento <2.2.10, 2.3.<3, 2.3.2-p1 - XPath Injection

CVE-2019-17323 HIGH

ClipSoft REXPERT <1.0.0.527 - Code Injection

CVE-2019-17626 CRITICAL

ReportLab < 3.5.26 - Remote Code Execution via toColor eval Injection

CVE-2019-0370 MEDIUM

SAP Financial Consolidation <10.0-10.1 - XPath Injection

CVE-2019-4539 HIGH

IBM Security Directory Server 6.4.0 - XSS

CVE-2019-16941 CRITICAL

NSA Ghidra <= 9.0.4 - Remote Code Execution via Bit Patterns Explorer XML File Processing

Previous Page 4 of 6 Next

Details

Vulnerabilities 128

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy