CVEs classified under CWE-91 (XML Injection), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2021-4140 — CVSS 10.0 (critical): It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR <…
CVE-2023-43187 — CVSS 9.8 (critical): A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows…
CVE-2019-19450 — CVSS 9.8 (critical): paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in…
CVE-2021-37154 — CVSS 9.8 (critical): In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0…
CVE-2020-25216 — CVSS 9.8 (critical): yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom…
CVE-2020-11535 — CVSS 9.8 (critical): An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit XML injection to…
CVE-2015-6970 — CVSS 9.8 (critical): The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to…
CVE-2019-8158 — CVSS 9.8 (critical): An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can…
CVE-2019-17626 — CVSS 9.8 (critical): ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document…
CVE-2019-16941 — CVSS 9.8 (critical): NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns…
CVE-2019-14277 — CVSS 9.8 (critical): Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML…
CVE-2013-7429 — CVSS 9.8 (critical): The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to…
CVE-2020-8479 — CVSS 9.4 (critical): For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0…
CVE-2021-38948 — CVSS 9.1 (critical): IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote…
CVE-2021-36033 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection…
CVE-2021-36028 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection…
CVE-2021-36022 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection…
CVE-2021-21025 — CVSS 9.1 (critical): Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout…
CVE-2021-21019 — CVSS 9.1 (critical): Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module…
CVE-2014-1409 — CVSS 9.1 (critical): MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with…
CVE-2026-46490 — CVSS 8.8 (high): samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute…
CVE-2026-28770 — CVSS 8.8 (high): Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX…
CVE-2025-24404 — CVSS 8.8 (high): XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account…
CVE-2023-27253 — CVSS 8.8 (high): A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute…
CVE-2022-22834 — CVSS 8.8 (high): An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can…
CVE-2021-39181 — CVSS 8.8 (high): OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file…
CVE-2021-36359 — CVSS 8.8 (high): OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because…
CVE-2021-2322 — CVSS 8.8 (high): Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low…
CVE-2018-1721 — CVSS 8.8 (high): IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote…
CVE-2019-17323 — CVSS 8.8 (high): ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer…
CVE-2018-19277 — CVSS 8.8 (high): securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
CVE-2018-2477 — CVSS 8.8 (high): Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document…
CVE-2018-16785 — CVSS 8.8 (high): XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to…
CVE-2026-40165 — CVSS 8.7 (high): authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to…
CVE-2017-15685 — CVSS 8.6 (high): Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with…
CVE-2017-15683 — CVSS 8.6 (high): In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the…
CVE-2022-50902 — CVSS 8.4 (high): Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute…
CVE-2024-42374 — CVSS 8.2 (high): BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. An attacker can…
CVE-2022-46751 — CVSS 8.2 (high): Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software…
CVE-2021-36020 — CVSS 8.2 (high): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection…
CVE-2020-6271 — CVSS 8.2 (high): SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume…
CVE-2026-11169 — CVSS 8.1 (high): Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML…
CVE-2025-25589 — CVSS 8.1 (high): An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows…
CVE-2024-47113 — CVSS 8.1 (high): IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially…
CVE-2024-28109 — CVSS 8.1 (high): veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that…
CVE-2022-22784 — CVSS 8.1 (high): The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in…
CVE-2019-0268 — CVSS 8.1 (high): SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML…