Vulnerabilities > XML Injection (aka Blind XPath Injection)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-17 | CVE-2020-25216 | XML Injection (aka Blind XPath Injection) vulnerability in Yworks YED yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet. | 9.8 |
2020-06-10 | CVE-2020-6271 | XML Injection (aka Blind XPath Injection) vulnerability in SAP Solution Manager 7.2 SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent). | 5.5 |
2020-06-10 | CVE-2020-6260 | XML Injection (aka Blind XPath Injection) vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superfluous data that can be displayed by the application, due to Incomplete XML Validation. | 5.0 |
2020-04-29 | CVE-2020-8479 | XML Injection (aka Blind XPath Injection) vulnerability in ABB 800Xa System, Compact HMI and Control Builder Safe For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB Ability™ SCADAvantage versions 5.1 to 5.6.5. | 9.8 |
2020-04-15 | CVE-2020-11535 | XML Injection (aka Blind XPath Injection) vulnerability in Onlyoffice Document Server 5.5.0 An issue was discovered in ONLYOFFICE Document Server 5.5.0. | 7.5 |
2020-02-27 | CVE-2020-3846 | XML Injection (aka Blind XPath Injection) vulnerability in Apple products A buffer overflow was addressed with improved size validation. | 6.8 |
2020-02-18 | CVE-2015-6970 | XML Injection (aka Blind XPath Injection) vulnerability in Boschsecurity Nbn-498 Dinion2X Day/Night IP Cameras Firmware 4.54.0026 The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml. | 7.5 |
2020-01-14 | CVE-2020-0646 | XML Injection (aka Blind XPath Injection) vulnerability in Microsoft .Net Framework A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. | 10.0 |
2020-01-08 | CVE-2014-1409 | XML Injection (aka Blind XPath Injection) vulnerability in Mobileiron Sentry and Virtual Smartphone Platform MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords. | 6.4 |
2019-12-31 | CVE-2019-20201 | XML Injection (aka Blind XPath Injection) vulnerability in Ezxml Project Ezxml An issue was discovered in ezXML 0.8.3 through 0.8.6. | 4.3 |