Vulnerabilities > XML Injection (aka Blind XPath Injection)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2019-11-06 | CVE-2019-8158 | XML Injection (aka Blind XPath Injection) vulnerability in Magento | An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | network | low complexity | magento | CWE-91 | critical 9.8 |
| 2019-10-30 | CVE-2019-17323 | XML Injection (aka Blind XPath Injection) vulnerability in Clipsoft Rexpert 1.0.0.527 | ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. | network | low complexity | clipsoft | CWE-91 | 8.8 |
| 2019-10-25 | CVE-2013-4857 | XML Injection (aka Blind XPath Injection) vulnerability in Dlink Dir-865L Firmware | D-Link DIR-865L has PHP File Inclusion in the router xml file. | network | low complexity | dlink | CWE-91 | critical 9.8 |
| 2019-10-16 | CVE-2019-17626 | XML Injection (aka Blind XPath Injection) vulnerability in Reportlab | ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. | network | low complexity | reportlab | CWE-91 | critical 9.8 |
| 2019-10-08 | CVE-2019-0370 | XML Injection (aka Blind XPath Injection) vulnerability in SAP Financial Consolidation 10.0/10.1 | Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection. | network | low complexity | sap | CWE-91 | 6.5 |
| 2019-10-02 | CVE-2019-4539 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Security Directory Server 6.4.0 | IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. | network | low complexity | ibm | CWE-91 | 7.1 |
| 2019-09-28 | CVE-2019-16941 | XML Injection (aka Blind XPath Injection) vulnerability in NSA Ghidra | NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. | network | low complexity | nsa | CWE-91 | critical 9.8 |
| 2019-07-26 | CVE-2019-14277 | XML Injection (aka Blind XPath Injection) vulnerability in Axway Securetransport | Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. | network | low complexity | axway | CWE-91 | critical 9.8 |
| 2019-07-15 | CVE-2019-1010017 | XML Injection (aka Blind XPath Injection) vulnerability in Libnmap | libnmap < v0.6.3 is affected by: XML Injection. | network | low complexity | libnmap | CWE-91 | 7.5 |
| 2019-05-22 | CVE-2019-9892 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products | An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. | network | low complexity | otrs debian | CWE-91 | 6.5 |