Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17626 | 1 Reportlab | 1 Reportlab | 2024-07-19 | 7.5 HIGH | 9.8 CRITICAL |
| ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. | |||||
| CVE-2023-35858 | 2024-07-03 | N/A | 5.3 MEDIUM | ||
| XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information. | |||||
| CVE-2019-14277 | 1 Axway | 1 Securetransport | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issues as not being a vulnerability because “All attacks that use external entities are blocked (no external DTD or file inclusions, no SSRF). The impact on confidentiality, integrity and availability is not proved on any version. | |||||
| CVE-2023-32173 | 2024-05-03 | N/A | 5.8 MEDIUM | ||
| Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the implementation of the AddServer method. By specifying crafted arguments, an attacker can cause invalid characters to be inserted into an XML configuration file. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. . Was ZDI-CAN-20576. | |||||
| CVE-2023-27328 | 2024-05-03 | N/A | 7.8 HIGH | ||
| Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied string before using it to construct an XML document. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-19187. | |||||
| CVE-2019-19450 | 2 Debian, Reportlab | 2 Debian Linux, Reportlab | 2024-04-28 | N/A | 9.8 CRITICAL |
| paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. | |||||
| CVE-2023-46214 | 1 Splunk | 2 Cloud, Splunk | 2024-04-10 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance. | |||||
| CVE-2024-28109 | 2024-03-28 | N/A | 8.1 HIGH | ||
| veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2. | |||||
| CVE-2013-7429 | 1 Mapsplugin | 1 Googlemaps | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php. | |||||
| CVE-2023-40612 | 1 Opennms | 2 Horizon, Meridian | 2023-12-10 | N/A | 8.0 HIGH |
| In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue. | |||||
| CVE-2022-46751 | 1 Apache | 1 Ivy | 2023-12-10 | N/A | 8.2 HIGH |
| Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about "JAXP Properties for External Access restrictions" inside Oracle's "Java API for XML Processing (JAXP) Security Guide". | |||||
| CVE-2023-38207 | 1 Adobe | 1 Commerce | 2023-12-10 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-43187 | 1 Nodebb | 1 Nodebb | 2023-12-10 | N/A | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. | |||||
| CVE-2019-25137 | 1 Umbraco | 1 Umbraco Cms | 2023-12-10 | N/A | 7.2 HIGH |
| Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx. | |||||
| CVE-2023-27253 | 1 Netgate | 1 Pfsense | 2023-12-10 | N/A | 8.8 HIGH |
| A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml. | |||||
| CVE-2023-29289 | 1 Adobe | 2 Commerce, Magento | 2023-12-10 | N/A | 6.5 MEDIUM |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-22247 | 1 Adobe | 2 Commerce, Magento Open Source | 2023-12-10 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. | |||||
| CVE-2021-4140 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-12-10 | N/A | 10.0 CRITICAL |
| It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||
| CVE-2023-22485 | 1 Github | 1 Cmark-gfm | 2023-12-10 | N/A | 5.3 MEDIUM |
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7. | |||||
| CVE-2022-35259 | 1 Ivanti | 1 Endpoint Manager | 2023-12-10 | N/A | 7.8 HIGH |
| XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges. | |||||