CWE-91

XML Injection (aka Blind XPath Injection)

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

128 vulnerabilities with CWE-91
CVE-2013-7429 CRITICAL
googlemaps < 3.0 - XML Injection via URL Parameter
CVSS 9.8
CVE-2013-4221
Restlet < 2.1.4 - Remote Code Execution via XMLDecoder Deserialization
CVE-2008-5024
Mozilla Firefox <3.0.4-2.0.0.18 & Thunderbird <2.0.0.18 & SeaMonkey...
Details
Vulnerabilities 128
Links
MITRE CWE Entry Search this CWE With Exploits