CWE-91
XML Injection (aka Blind XPath Injection)
Description
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-250 · CAPEC-83
CVEs mapped to this weakness (64)
page 4 of 4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19277 | — | 0.00 | — | 0.08 | Nov 14, 2018 | securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file | ||
| CVE-2013-6408 | 0.00 | — | 0.11 | Dec 7, 2013 | The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an… | |||
| CVE-2013-4221 | 0.00 | — | 0.03 | Oct 10, 2013 | The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML. | |||
| CVE-2008-5024 | 0.00 | — | 0.04 | Nov 13, 2008 | Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default… |
- CVE-2018-19277Nov 14, 2018risk 0.00cvss —epss 0.08
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
- CVE-2013-6408Dec 7, 2013risk 0.00cvss —epss 0.11
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an…
- CVE-2013-4221Oct 10, 2013risk 0.00cvss —epss 0.03
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
- CVE-2008-5024Nov 13, 2008risk 0.00cvss —epss 0.04
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default…