Vulnerabilities > XML Injection (aka Blind XPath Injection)

DATE CVE VULNERABILITY TITLE RISK
2018-11-13 CVE-2018-2477 XML Injection (aka Blind XPath Injection) vulnerability in SAP Netweaver
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
network
low complexity
sap CWE-91
8.8
2018-09-21 CVE-2018-16784 XML Injection (aka Blind XPath Injection) vulnerability in Dedecms 5.7
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
network
low complexity
dedecms CWE-91
7.2
2018-09-19 CVE-2018-16785 XML Injection (aka Blind XPath Injection) vulnerability in Dedecms 5.7
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell
network
low complexity
dedecms CWE-91
8.8
2018-08-20 CVE-2018-1000632 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element.
network
low complexity
dom4j-project debian oracle redhat netapp CWE-91
7.5
2018-06-26 CVE-2018-1000526 XML Injection (aka Blind XPath Injection) vulnerability in Openpsa2 Openpsa
Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service.
network
low complexity
openpsa2 CWE-91
7.5
2018-02-20 CVE-2016-6272 XML Injection (aka Blind XPath Injection) vulnerability in Epic Mychart
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp.
network
low complexity
epic CWE-91
7.5
2018-01-02 CVE-2017-1000452 XML Injection (aka Blind XPath Injection) vulnerability in Samlify Project Samlify
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.
network
high complexity
samlify-project CWE-91
7.5
2017-09-14 CVE-2013-7429 XML Injection (aka Blind XPath Injection) vulnerability in Mapsplugin Googlemaps 3.0
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.
network
low complexity
mapsplugin CWE-91
critical
9.8
2017-07-21 CVE-2015-3932 XML Injection (aka Blind XPath Injection) vulnerability in Netlock Mokka 2.7
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.
local
low complexity
netlock CWE-91
7.8
2017-07-21 CVE-2015-3931 XML Injection (aka Blind XPath Injection) vulnerability in Microsec E-Szigno 3.2
Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.
local
low complexity
microsec CWE-91
7.8