
CWE-91 (XML Injection (Blind XPath Injection)) — Vulnerability Class 45

45 vulnerabilities classified as CWE-91 (XML Injection (Blind XPath Injection)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-32870 | Kirby has XML injection in its XML creator toolkit — kirby | 7.1 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-34601 | xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion — xmldom | 7.5 | High | 2026-04-02 |
| CVE-2026-28770 | XML injection In /IDC_Logging/checkifdone.cgi Endpoint On IDC SFX Web Management Interface Version 101 — SFX Series SuperFlex Satellite Receiver Web management interface | 5.4 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2026-1554 | Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007 — Central Authentication System (CAS) Server | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2022-50902 | Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path — Wondershare FamiSafe | 8.4 | High | 2026-01-13 |
| CVE-2025-1545 | WatchGuard Firebox XPath Injection Vulnerability in Web CGI — Fireware OS | 7.5 (AI) | High (AI) | 2025-12-04 |
| CVE-2025-66034 | fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib — fonttools | 6.3 | Medium | 2025-11-29 |
| CVE-2025-12921 | OpenClinica Community Edition CRF Data Import ImportCRFData xml injection — Community Edition | 4.3 | Medium | 2025-11-09 |
| CVE-2025-7473 | XML Injection — Endpoint Central | 5.2 | Medium | 2025-10-21 |
| CVE-2025-54251 | Adobe Experience Manager \| XML Injection (aka Blind XPath Injection) (CWE-91) — Adobe Experience Manager | 4.3 | Medium | 2025-09-09 |
| CVE-2025-24404 | Apache HertzBeat (incubating): RCE by parse http sitemap xml response — Apache HertzBeat (incubating) | 8.8 (AI) | High (AI) | 2025-09-09 |
| CVE-2025-9375 | xmltodict 0.14.2 - XML Injection — xmltodict | 9.1 (AI) | Critical (AI) | 2025-09-01 |
| CVE-2025-49538 | ColdFusion \| XML Injection (aka Blind XPath Injection) (CWE-91) — ColdFusion | 7.4 | High | 2025-07-08 |
| CVE-2024-47113 | IBM ICP - Voice Gateway XML injection — Voice Gateway | 8.1 | High | 2025-01-18 |
| CVE-2024-13190 | ZeroWdd myblog BlogMapper.xml xml injection — myblog | 6.3 | Medium | 2025-01-08 |
| CVE-2024-53675 | Hewlett Packard Enterprise Insight Remote Support security vulnerability — HPE Insight Remote Support | 7.3 | High | 2024-11-26 |
| CVE-2024-53674 | Hewlett Packard Enterprise Insight Remote Support security vulnerability — HPE Insight Remote Support | 7.3 | High | 2024-11-26 |
| CVE-2024-11622 | Hewlett Packard Enterprise Insight Remote Support security vulnerability — HPE Insight Remote Support | 7.3 | High | 2024-11-26 |
| CVE-2024-42374 | XML injection in SAP BEx Web Java Runtime Export Web Service — SAP BEx Web Java Runtime Export Web Service | 8.2 | High | 2024-08-13 |
| CVE-2023-32173 | Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability — UaGateway | 6.5 | - | 2024-05-03 |
| CVE-2023-27328 | Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability — Desktop | 8.8 | - | 2024-05-03 |
| CVE-2024-28109 | Potential XSLT injection vulnerability when using policy files — veraPDF-library | 8.1 | High | 2024-03-28 |
| CVE-2023-46214 | Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing — Splunk Enterprise | 8.0 | High | 2023-11-16 |
| CVE-2022-32755 | IBM Security Directory Server external entity injection — Security Directory Server | 5.5 | Medium | 2023-10-14 |
| CVE-2022-4245 | Codehaus-plexus: xml external entity (xxe) injection — RHINT Camel-K-1.10.1 | 4.3 | Medium | 2023-09-25 |
| CVE-2023-40612 | Authenticated XXE Injection Via The File Editor — Horizon | 5.3 | Medium | 2023-08-23 |
| CVE-2023-38207 | Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read — Adobe Commerce | 7.5 | High | 2023-08-09 |
| CVE-2023-29289 | Adobe Commerce XML Injection Security feature bypass — Magento Commerce | 6.5 | Medium | 2023-06-15 |
| CVE-2023-22247 | Adobe Commerce XML Injection Arbitrary file system read — Magento Commerce | 7.5 | High | 2023-03-27 |
| CVE-2022-35259 | Ivanti Endpoint Manager security vulnerability — Ivanti Endpoint Manager | 7.8 | - | 2022-12-05 |

Vulnerabilities classified as CWE-91 (XML Injection (Blind XPath Injection)) represent 45 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.