CWE-91

XML Injection (aka Blind XPath Injection)

Abstraction: Base · Status: Draft

Description

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

Within XML, special elements could include reserved words or characters such as "<", ">", '"', and "&", which could then be used to add new data or modify XML syntax.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-250 · CAPEC-83

CVEs mapped to this weakness (64)

page 1 of 4
  • CVE-2013-7429 · Critical · Sep 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.

  • CVE-2018-16785 · High · Sep 19, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell

  • CVE-2022-50902 · High · Jan 13, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\FamiSafe\ to inject malicious…

  • CVE-2026-11169 · High · Jun 4, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted XML file. (Chromium security severity: Medium)

  • CVE-2025-25589 · High · Mar 18, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file.

  • CVE-2016-6272 · High · Feb 20, 2018
    risk 0.53 · cvss 7.5 · epss 0.21

    XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this…

  • CVE-2015-3932 · High · Jul 21, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.

  • CVE-2015-3931 · High · Jul 21, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.

  • CVE-2026-46490 · High · Jun 8, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:AttributeValue>) are not escaped. A normal user can inject XML markup into an…

  • CVE-2026-40165 · High · May 21, 2026
    risk 0.50 · cvss 8.7 · epss 0.00

    authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Injection. Due to how authentik extracted the NameID value from a SAML assertion, it…

  • CVE-2026-41675 · High · May 7, 2026
    risk 0.50 · cvss (not listed) · epss 0.00

    xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be…

  • CVE-2026-41674 · High · May 7, 2026
    risk 0.50 · cvss (not listed) · epss 0.00

    xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields (internalSubset, publicId,…

  • CVE-2026-41672 · High · May 7, 2026
    risk 0.50 · cvss (not listed) · epss 0.00

    xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into…

  • CVE-2025-59952 · High · Sep 30, 2025
    risk 0.50 · cvss (not listed) · epss 0.00

    MinIO Java SDK is a Simple Storage Service (aka S3) client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were…

  • CVE-2018-1000526 · High · Jun 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26.

  • CVE-2017-5654 · High · May 12, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.

  • CVE-2018-16784 · High · Sep 21, 2018
    risk 0.47 · cvss 7.2 · epss 0.02

    DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.

  • CVE-2024-28109 · High · Mar 28, 2024
    risk 0.46 · cvss 8.1 · epss 0.01

    veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.

  • CVE-2017-10603 · High · Jul 17, 2017
    risk 0.46 · cvss 7.0 · epss 0.00

    An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior…

  • CVE-2025-9375 · Medium · Sep 1, 2025
    risk 0.45 · cvss (not listed) · epss 0.00

    XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1. NOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse() delegates element-name handling to Python's…