Vulnerabilities (CVE)

Filtered by CWE-91
Total 83 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19450 1 Reportlab 1 Reportlab 2023-09-29 N/A 9.8 CRITICAL
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
CVE-2023-43187 1 Nodebb 1 Nodebb 2023-09-28 N/A 9.8 CRITICAL
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.
CVE-2020-25216 1 Yworks 1 Yed 2023-09-28 7.5 HIGH 9.8 CRITICAL
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet.
CVE-2023-38207 1 Adobe 1 Commerce 2023-09-14 N/A 7.5 HIGH
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.
CVE-2022-46751 1 Apache 1 Ivy 2023-09-06 N/A 8.2 HIGH
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about "JAXP Properties for External Access restrictions" inside Oracle's "Java API for XML Processing (JAXP) Security Guide".
CVE-2023-40612 1 Opennms 2 Horizon, Meridian 2023-08-30 N/A 8.0 HIGH
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.
CVE-2023-27253 1 Netgate 1 Pfsense 2023-07-13 N/A 8.8 HIGH
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
CVE-2023-29289 1 Adobe 2 Commerce, Magento 2023-06-22 N/A 6.5 MEDIUM
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.
CVE-2019-25137 1 Umbraco 1 Umbraco Cms 2023-05-26 N/A 7.2 HIGH
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
CVE-2013-4857 1 Dlink 2 Dir-865l, Dir-865l Firmware 2023-04-26 7.5 HIGH 9.8 CRITICAL
D-Link DIR-865L has PHP File Inclusion in the router xml file.
CVE-2023-22247 1 Adobe 2 Commerce, Magento Open Source 2023-04-04 N/A 7.5 HIGH
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
CVE-2020-29599 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2023-03-11 6.8 MEDIUM 7.8 HIGH
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.
CVE-2022-27233 1 Intel 1 Quartus Prime 2023-02-07 N/A 7.5 HIGH
XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.
CVE-2023-22485 1 Github 1 Cmark-gfm 2023-02-02 N/A 5.3 MEDIUM
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.
CVE-2019-9892 2 Debian, Otrs 2 Debian Linux, Otrs 2023-01-20 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.
CVE-2021-4140 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2023-01-03 N/A 10.0 CRITICAL
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2019-4539 1 Ibm 1 Security Directory Server 2022-12-07 5.5 MEDIUM 7.1 HIGH
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.
CVE-2022-35259 1 Ivanti 1 Endpoint Manager 2022-12-07 N/A 7.8 HIGH
XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges.
CVE-2020-8479 1 Abb 3 800xa System, Compact Hmi, Control Builder Safe 2022-10-28 7.5 HIGH 9.8 CRITICAL
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5. an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling.
CVE-2021-36022 1 Adobe 2 Adobe Commerce, Magento Open Source 2022-10-24 6.5 MEDIUM 7.2 HIGH
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.