Description
The product accepts XML from an untrusted source but does not validate the XML against the proper schema.
Extended Description
Most successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input.
CVE vulnerabilities with CWE-112 (8)
8.1
CVSS
HIGH
CVE-2025-68493
pub. 2026-01-11
8.1
CVSS
HIGH
CVE-2022-28213
pub. 2022-04-12
6.8
CVSS
MEDIUM
CVE-2020-1975
pub. 2020-02-12
6.5
CVSS
MEDIUM
CVE-2023-40310
pub. 2023-10-10
6.3
CVSS
MEDIUM
CVE-2021-1359
pub. 2021-07-08
5.3
CVSS
MEDIUM
CVE-2021-27780
pub. 2022-05-27
4.3
CVSS
MEDIUM
CVE-2020-27282
pub. 2021-03-15
3.1
CVSS
LOW
CVE-2026-1190
pub. 2026-01-26