Vulnerabilities > XML Injection (aka Blind XPath Injection)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-30 | CVE-2021-36359 | XML Injection (aka Blind XPath Injection) vulnerability in Bscw Classic: OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. | 8.8 |
2021-08-25 | CVE-2021-37154 | XML Injection (aka Blind XPath Injection) vulnerability in Forgerock Access Management: In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. | 9.8 |
2021-07-27 | CVE-2021-32796 | XML Injection (aka Blind XPath Injection) vulnerability in Xmldom Project Xmldom: xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. | 5.3 |
2021-04-16 | CVE-2021-31347 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products: An issue was discovered in libezxml.a in ezXML 0.8.6. | 6.5 |
2020-12-07 | CVE-2020-29599 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products: ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. | 7.8 |
2020-11-27 | CVE-2017-15685 | XML Injection (aka Blind XPath Injection) vulnerability in Craftercms Crafter CMS 3.0.0: Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). | 8.6 |
2020-11-27 | CVE-2017-15683 | XML Injection (aka Blind XPath Injection) vulnerability in Craftercms Crafter CMS 3.0.0: In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. | 8.6 |
2020-11-26 | CVE-2020-29128 | XML Injection (aka Blind XPath Injection) vulnerability in Petl Project Petl: petl before 1.68, in some configurations, allows resolution of entities in an XML document. | 9.8 |
2020-10-12 | CVE-2020-4774 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. | 5.4 |
2020-09-17 | CVE-2020-25216 | XML Injection (aka Blind XPath Injection) vulnerability in Yworks YED: yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet. | 9.8 |