Vulnerabilities > XML Injection (aka Blind XPath Injection)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-05 | CVE-2022-25356 | XML Injection (aka Blind XPath Injection) vulnerability in Altn Securitygateway Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection. | 5.0 |
| 2022-03-10 | CVE-2022-22834 | XML Injection (aka Blind XPath Injection) vulnerability in Overit Geocall 6.3 An issue was discovered in OverIT Geocall before 8.0. | 8.8 |
| 2021-11-02 | CVE-2021-38948 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2021-09-13 | CVE-2021-22524 | XML Injection (aka Blind XPath Injection) vulnerability in Microfocus Access Manager 5.0 Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | 4.9 |
| 2021-09-01 | CVE-2021-39181 | XML Injection (aka Blind XPath Injection) vulnerability in Frentix Openolat OpenOlat is a web-based learning management system (LMS). | 6.5 |
| 2021-09-01 | CVE-2021-36020 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. | 7.5 |
| 2021-09-01 | CVE-2021-36022 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. | 7.2 |
| 2021-09-01 | CVE-2021-36028 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. | 6.5 |
| 2021-09-01 | CVE-2021-36033 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. | 6.5 |
| 2021-08-30 | CVE-2021-36359 | XML Injection (aka Blind XPath Injection) vulnerability in Bscw Classic OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. | 6.5 |