Vulnerabilities > XML Injection (aka Blind XPath Injection)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-25 | CVE-2021-37154 | XML Injection (aka Blind XPath Injection) vulnerability in Forgerock Access Management In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. | 10.0 |
| 2021-07-27 | CVE-2021-32796 | XML Injection (aka Blind XPath Injection) vulnerability in Xmldom Project Xmldom xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. | 5.0 |
| 2021-06-23 | CVE-2021-2322 | XML Injection (aka Blind XPath Injection) vulnerability in Oracle Opengrok Vulnerability in OpenGrok (component: Web App). | 6.5 |
| 2021-04-16 | CVE-2021-31347 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products An issue was discovered in libezxml.a in ezXML 0.8.6. | 4.3 |
| 2021-02-11 | CVE-2021-21019 | XML Injection (aka Blind XPath Injection) vulnerability in Magento Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. | 9.1 |
| 2020-12-07 | CVE-2020-29599 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. | 7.8 |
| 2020-11-27 | CVE-2017-15685 | XML Injection (aka Blind XPath Injection) vulnerability in Craftercms Crafter CMS 3.0.0 Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). | 5.0 |
| 2020-11-27 | CVE-2017-15683 | XML Injection (aka Blind XPath Injection) vulnerability in Craftercms Crafter CMS 3.0.0 In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. | 5.0 |
| 2020-11-26 | CVE-2020-29128 | XML Injection (aka Blind XPath Injection) vulnerability in Petl Project Petl petl before 1.68, in some configurations, allows resolution of entities in an XML document. | 6.8 |
| 2020-09-17 | CVE-2020-25216 | XML Injection (aka Blind XPath Injection) vulnerability in Yworks YED yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet. | 9.8 |