CVEbaza.plSłownik CWECWE-91
Common Weakness Enumeration

CWE-91

XML Injection (aka Blind XPath Injection)

Kategoria: BaseCVE: 150
Opis

Produkt nie neutralizuje prawidłowo specjalnych elementów używanych w XML, co pozwala atakującym modyfikować składnię, zawartość lub polecenia XML przed jego przetworzeniem przez system końcowy. Luka ta umożliwia zmianę logiki przetwarzania danych XML poprzez wstawienie złośliwego kodu.

Description (EN)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

Podatności CVE z CWE-91 (150)
10.0
CVSS
CRITICAL
CVE-2021-4140

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

pub. 2022-12-22
9.8
CVSS
CRITICAL
CVE-2024-51136

W komponencie Dmoz2CSV biblioteki OpenIMAJ v1.3.10 wykryto podatność typu XML External Entity (XXE), która pozwala atakującemu na uzyskanie dostępu do wrażliwych danych lub wykonanie dowolnego kodu. Podatność otrzymała ocenę CVSS 9.8 (CRITICAL) i nie wymaga żadnego uwierzytelnienia ani interakcji użytkownika.

pub. 2024-11-04
9.8
CVSS
CRITICAL
CVE-2023-43187

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.

pub. 2023-09-27
9.8
CVSS
CRITICAL
CVE-2019-19450

paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.

pub. 2023-09-20
9.8
CVSS
CRITICAL
CVE-2021-37154

In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.

pub. 2021-08-25
9.8
CVSS
CRITICAL
CVE-2020-29128

petl before 1.68, in some configurations, allows resolution of entities in an XML document.

pub. 2020-11-26
9.8
CVSS
CRITICAL
CVE-2020-25216

yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet.

pub. 2020-09-17
9.8
CVSS
CRITICAL
CVE-2020-11535

An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit XML injection to enter an attacker-controlled parameter into the x2t binary, to rewrite this binary and/or libxcb.so.1, and execute code on a victim's server.

pub. 2020-04-15
9.8
CVSS
CRITICAL
CVE-2015-6970

The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.

pub. 2020-02-18
9.8
CVSS
CRITICAL
CVE-2020-0646

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

pub. 2020-01-14🚩 CISA KEV⚡ EXPLOIT
9.8
CVSS
CRITICAL
CVE-2019-8158

An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data allows an attacker to limited access to underlying XML data.

pub. 2019-11-06
9.8
CVSS
CRITICAL
CVE-2013-4857

D-Link DIR-865L has PHP File Inclusion in the router xml file.

pub. 2019-10-25
9.8
CVSS
CRITICAL
CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

pub. 2019-10-16
9.8
CVSS
CRITICAL
CVE-2019-16941

NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call).

pub. 2019-09-28
9.8
CVSS
CRITICAL
CVE-2019-14277

Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issues as not being a vulnerability because “All attacks that use external entities are blocked (no external DTD or file inclusions, no SSRF). The impact on confidentiality, integrity and availability is not proved on any version.

pub. 2019-07-26
9.8
CVSS
CRITICAL
CVE-2013-7429

The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.

pub. 2017-09-14
9.4
CVSS
CRITICAL
CVE-2020-8479

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5. an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling.

pub. 2020-04-29
9.1
CVSS
CRITICAL
CVE-2021-38948

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 211402.

pub. 2021-11-02
9.1
CVSS
CRITICAL
CVE-2021-36022

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.

pub. 2021-09-01
9.1
CVSS
CRITICAL
CVE-2021-36028

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.

pub. 2021-09-01
Pokazano 20 z 150 podatności
Informacje
ID: CWE-91
Typ: Base
Podatności: 150
MITRE CWE ↗
← Słownik CWE
CWE-91 — Iniekcja XML (znana również jako Ślepa Iniekcja XPath) | Słownik CWE | CVEbaza.pl