Vulnerabilities > XML Injection (aka Blind XPath Injection)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-15 | CVE-2019-1010017 | XML Injection (aka Blind XPath Injection) vulnerability in Libnmap libnmap < v0.6.3 is affected by: XML Injection. | 5.0 |
2019-06-10 | CVE-2019-12787 | XML Injection (aka Blind XPath Injection) vulnerability in Dlink Dir-818Lw Firmware 2.05.B03/2.06B01 An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. | 6.5 |
2019-05-22 | CVE-2019-9892 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. | 6.5 |
2019-03-12 | CVE-2019-0268 | XML Injection (aka Blind XPath Injection) vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2/4.3 SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source. | 5.5 |
2018-11-14 | CVE-2018-19277 | XML Injection (aka Blind XPath Injection) vulnerability in PHPspreadsheet Project PHPspreadsheet securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file | 6.8 |
2018-11-13 | CVE-2018-2477 | XML Injection (aka Blind XPath Injection) vulnerability in SAP Netweaver Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source. | 6.5 |
2018-09-21 | CVE-2018-16784 | XML Injection (aka Blind XPath Injection) vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring. | 6.5 |
2018-09-19 | CVE-2018-16785 | XML Injection (aka Blind XPath Injection) vulnerability in Dedecms 5.7 XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell | 6.5 |
2018-08-20 | CVE-2018-1000632 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. | 7.5 |
2018-06-26 | CVE-2018-1000526 | XML Injection (aka Blind XPath Injection) vulnerability in Openpsa2 Openpsa Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. | 5.0 |