Vulnerabilities > XML Injection (aka Blind XPath Injection)

DATE CVE VULNERABILITY TITLE RISK
2019-07-15 CVE-2019-1010017 XML Injection (aka Blind XPath Injection) vulnerability in Libnmap
libnmap < v0.6.3 is affected by: XML Injection.
network
low complexity
libnmap CWE-91
5.0
2019-06-10 CVE-2019-12787 XML Injection (aka Blind XPath Injection) vulnerability in Dlink Dir-818Lw Firmware 2.05.B03/2.06B01
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA.
network
low complexity
dlink CWE-91
6.5
2019-05-22 CVE-2019-9892 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6.
network
low complexity
otrs debian CWE-91
6.5
2019-03-12 CVE-2019-0268 XML Injection (aka Blind XPath Injection) vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2/4.3
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.
network
low complexity
sap CWE-91
5.5
2018-11-14 CVE-2018-19277 XML Injection (aka Blind XPath Injection) vulnerability in PHPspreadsheet Project PHPspreadsheet
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file.
6.8
2018-11-13 CVE-2018-2477 XML Injection (aka Blind XPath Injection) vulnerability in SAP Netweaver
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
network
low complexity
sap CWE-91
6.5
2018-09-21 CVE-2018-16784 XML Injection (aka Blind XPath Injection) vulnerability in Dedecms 5.7
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
network
low complexity
dedecms CWE-91
6.5
2018-09-19 CVE-2018-16785 XML Injection (aka Blind XPath Injection) vulnerability in Dedecms 5.7
An XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create a script file to obtain a webshell.
network
low complexity
dedecms CWE-91
6.5
2018-08-20 CVE-2018-1000632 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
dom4j prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element.
network
low complexity
dom4j-project debian oracle redhat netapp CWE-91
7.5
2018-06-26 CVE-2018-1000526 XML Injection (aka Blind XPath Injection) vulnerability in Openpsa2 Openpsa
Openpsa contains an XML Injection vulnerability in the RSS file upload feature that can result in remote denial of service.
network
low complexity
openpsa2 CWE-91
5.0