Vulnerabilities > XML Injection (aka Blind XPath Injection)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-17 | CVE-2023-27253 | XML Injection (aka Blind XPath Injection) vulnerability in Netgate Pfsense 2.7.0: A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml. | 8.8 |
2023-01-24 | CVE-2023-22485 | XML Injection (aka Blind XPath Injection) vulnerability in Github Cmark-Gfm: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. | 5.3 |
2022-12-22 | CVE-2021-4140 | XML Injection (aka Blind XPath Injection) vulnerability in Mozilla Firefox: It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. | 10.0 |
2022-12-05 | CVE-2022-35259 | XML Injection (aka Blind XPath Injection) vulnerability in Ivanti Endpoint Manager: XML Injection with Endpoint Manager 2022. | 7.8 |
2022-11-11 | CVE-2022-27233 | XML Injection (aka Blind XPath Injection) vulnerability in Intel Quartus Prime: XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 |
2022-06-16 | CVE-2022-33739 | XML Injection (aka Blind XPath Injection) vulnerability in Broadcom CA Clarity 15.9.0: CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system. | 7.5 |
2022-05-18 | CVE-2022-22784 | XML Injection (aka Blind XPath Injection) vulnerability in Zoom Meetings: The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. | 8.1 |
2022-05-03 | CVE-2022-20729 | XML Injection (aka Blind XPath Injection) vulnerability in Cisco Firepower Threat Defense: A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. | 7.8 |
2022-04-05 | CVE-2022-25356 | XML Injection (aka Blind XPath Injection) vulnerability in Altn Securitygateway: Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection. | 5.3 |
2022-03-10 | CVE-2022-22834 | XML Injection (aka Blind XPath Injection) vulnerability in Overit Geocall 6.3: An issue was discovered in OverIT Geocall before 8.0. | 8.8 |