Vulnerabilities > XML Injection (aka Blind XPath Injection)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-13 | CVE-2018-2477 | XML Injection (aka Blind XPath Injection) vulnerability in SAP Netweaver Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source. | 8.8 |
2018-09-21 | CVE-2018-16784 | XML Injection (aka Blind XPath Injection) vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring. | 7.2 |
2018-09-19 | CVE-2018-16785 | XML Injection (aka Blind XPath Injection) vulnerability in Dedecms 5.7 XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell | 8.8 |
2018-08-20 | CVE-2018-1000632 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. | 7.5 |
2018-06-26 | CVE-2018-1000526 | XML Injection (aka Blind XPath Injection) vulnerability in Openpsa2 Openpsa Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. | 7.5 |
2018-02-20 | CVE-2016-6272 | XML Injection (aka Blind XPath Injection) vulnerability in Epic Mychart XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. | 7.5 |
2018-01-02 | CVE-2017-1000452 | XML Injection (aka Blind XPath Injection) vulnerability in Samlify Project Samlify An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users. | 7.5 |
2017-09-14 | CVE-2013-7429 | XML Injection (aka Blind XPath Injection) vulnerability in Mapsplugin Googlemaps 3.0 The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php. | 9.8 |
2017-07-21 | CVE-2015-3932 | XML Injection (aka Blind XPath Injection) vulnerability in Netlock Mokka 2.7 Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. | 7.8 |
2017-07-21 | CVE-2015-3931 | XML Injection (aka Blind XPath Injection) vulnerability in Microsec E-Szigno 3.2 Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. | 7.8 |