Vulnerabilities > XML Injection (aka Blind XPath Injection)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-02 | CVE-2021-38948 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2021-09-13 | CVE-2021-22524 | XML Injection (aka Blind XPath Injection) vulnerability in Microfocus Access Manager 5.0 Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | 4.9 |
| 2021-09-01 | CVE-2021-36020 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. | 9.8 |
| 2021-09-01 | CVE-2021-36022 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. | 7.2 |
| 2021-08-30 | CVE-2021-36359 | XML Injection (aka Blind XPath Injection) vulnerability in Bscw Classic OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. | 8.8 |
| 2021-08-25 | CVE-2021-37154 | XML Injection (aka Blind XPath Injection) vulnerability in Forgerock Access Management In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. | 9.8 |
| 2021-07-27 | CVE-2021-32796 | XML Injection (aka Blind XPath Injection) vulnerability in Xmldom Project Xmldom xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. | 5.3 |
| 2021-04-16 | CVE-2021-31347 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products An issue was discovered in libezxml.a in ezXML 0.8.6. | 6.5 |
| 2020-12-07 | CVE-2020-29599 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. | 7.8 |
| 2020-11-27 | CVE-2017-15685 | XML Injection (aka Blind XPath Injection) vulnerability in Craftercms Crafter CMS 3.0.0 Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). | 8.6 |