CWE-91 - XML Injection

Description

The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

Within XML, special elements could include reserved words or characters such as "<", ">", """, and "&", which could then be used to add new data or modify XML syntax.

Latest vulnerabilities for CWE-91

Multiple vulnerabilities in Oracle WebLogic Server 2024-01-16
High Yes

XML injection in HtmlUnit 2023-12-03
Medium Yes

XML injection in Splunk Enterprise 2023-11-17
Medium Yes

XML injection in e-Tax software 2023-11-06
Low Yes

Multiple vulnerabilities in Oracle Linux 2023-10-18
Critical Yes

XML injection in ReportLab 2023-10-17
High Yes

Multiple vulnerabilities in Adobe Commerce and Magento Open Source 2023-08-08
Medium Yes

Multiple vulnerabilities in Codehaus plexus-utils 2023-06-29
Medium Yes

Multiple vulnerabilities in Adobe Commerce and Magento Open Source 2023-06-16
Medium Yes

Multiple vulnerabilities in Unified Automation UaGateway 2023-06-01
Medium Yes

References

Description of CWE-91 on Mitre website