CWE-91
Allowed-with-ReviewXML Injection (aka Blind XPath Injection)
Abstraction: Base · Status: Draft
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
190 vulnerabilities reference this CWE, most recent first.
GHSA-H5MR-XP97-C4P5
Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-16 18:31It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
{
"affected": [],
"aliases": [
"CVE-2021-4140"
],
"database_specific": {
"cwe_ids": [
"CWE-91"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-22T20:15:00Z",
"severity": "CRITICAL"
},
"details": "It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR \u003c 91.5, Firefox \u003c 96, and Thunderbird \u003c 91.5.",
"id": "GHSA-h5mr-xp97-c4p5",
"modified": "2025-04-16T18:31:33Z",
"published": "2022-12-22T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4140"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1746720"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-01"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-02"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H65F-JVQW-M9FJ
Vulnerability from github – Published: 2022-01-27 16:13 – Updated: 2023-06-22 19:15There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "xerces:xercesImpl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.12.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-23437"
],
"database_specific": {
"cwe_ids": [
"CWE-91"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-25T20:46:16Z",
"nvd_published_at": "2022-01-24T15:15:00Z",
"severity": "MODERATE"
},
"details": "There\u0027s a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.",
"id": "GHSA-h65f-jvqw-m9fj",
"modified": "2023-06-22T19:15:05Z",
"published": "2022-01-27T16:13:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437"
},
{
"type": "PACKAGE",
"url": "https://github.com/jboss/xerces"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221028-0005"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/01/24/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Infinite Loop in Apache Xerces Java"
}
GHSA-H6M3-6R8W-2QQP
Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2024-04-04 02:46An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
{
"affected": [],
"aliases": [
"CVE-2019-20201"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-91"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-31T21:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.",
"id": "GHSA-h6m3-6r8w-2qqp",
"modified": "2024-04-04T02:46:14Z",
"published": "2022-05-24T17:05:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20201"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/ezxml/bugs/16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H7RH-XFPJ-HPCM
Vulnerability from github – Published: 2025-09-29 17:53 – Updated: 2025-09-30 15:14Description
In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including credentials, file paths, or system configuration details, if such references were present in XML content from untrusted sources.
Affected Versions
- minio-java < 8.6.0
All applications utilizing affected versions of minio-java for parsing XML with potentially untrusted input are vulnerable.
Impact
This vulnerability poses a high risk of information disclosure. Attackers could craft malicious XML inputs to extract sensitive data from the system's properties or environment variables, potentially compromising security in applications relying on minio-java for object storage operations.
Patches
The issue is resolved in minio-java version 8.6.0 and later. In these versions, automatic substitution of XML tag values with system properties or environment variables has been disabled.
Users are strongly advised to upgrade to minio-java 8.6.0 or a newer release to mitigate the vulnerability.
Workarounds
No full workarounds exist without upgrading the library. As interim measures:
- Refrain from processing XML data from untrusted or external sources.
- Implement input sanitization or validation to detect and remove references to system properties or environment variables in XML content.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.minio:minio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59952"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-91"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-29T17:53:31Z",
"nvd_published_at": "2025-09-30T04:43:46Z",
"severity": "HIGH"
},
"details": "#### Description\nIn minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including credentials, file paths, or system configuration details, if such references were present in XML content from untrusted sources.\n\n#### Affected Versions\n- minio-java \u003c 8.6.0\n\nAll applications utilizing affected versions of minio-java for parsing XML with potentially untrusted input are vulnerable.\n\n#### Impact\nThis vulnerability poses a high risk of information disclosure. Attackers could craft malicious XML inputs to extract sensitive data from the system\u0027s properties or environment variables, potentially compromising security in applications relying on minio-java for object storage operations.\n\n#### Patches\nThe issue is resolved in minio-java version 8.6.0 and later. In these versions, automatic substitution of XML tag values with system properties or environment variables has been disabled.\n\nUsers are strongly advised to upgrade to minio-java 8.6.0 or a newer release to mitigate the vulnerability.\n\n#### Workarounds\nNo full workarounds exist without upgrading the library. As interim measures:\n\n- Refrain from processing XML data from untrusted or external sources.\n- Implement input sanitization or validation to detect and remove references to \n system properties or environment variables in XML content.",
"id": "GHSA-h7rh-xfpj-hpcm",
"modified": "2025-09-30T15:14:27Z",
"published": "2025-09-29T17:53:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/minio/minio-java/security/advisories/GHSA-h7rh-xfpj-hpcm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59952"
},
{
"type": "WEB",
"url": "https://github.com/minio/minio-java/commit/f7a98d06b25e5464bdd4811b044e25ff9101d37f"
},
{
"type": "PACKAGE",
"url": "https://github.com/minio/minio-java"
},
{
"type": "WEB",
"url": "https://github.com/minio/minio-java/releases/tag/8.6.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "MinIO Java Client XML Tag Value Substitution Vulnerability"
}
GHSA-HFJ4-XQ5F-7MC7
Vulnerability from github – Published: 2022-08-11 00:00 – Updated: 2022-08-16 00:00XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction & Internal file read in Business Central and also Kie-Server APIs.
{
"affected": [],
"aliases": [
"CVE-2022-2458"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-91"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-10T20:15:00Z",
"severity": "HIGH"
},
"details": "XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction \u0026 Internal file read in Business Central and also Kie-Server APIs.",
"id": "GHSA-hfj4-xq5f-7mc7",
"modified": "2022-08-16T00:00:23Z",
"published": "2022-08-11T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2458"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994#c0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HP7C-9QJ5-XCRQ
Vulnerability from github – Published: 2022-04-06 00:01 – Updated: 2025-09-05 18:31ALIN MDaemon Security Gateway through 8.5.0 allows XML Injection.
{
"affected": [],
"aliases": [
"CVE-2022-25356"
],
"database_specific": {
"cwe_ids": [
"CWE-91"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-05T02:15:00Z",
"severity": "MODERATE"
},
"details": "ALIN MDaemon Security Gateway through 8.5.0 allows XML Injection.",
"id": "GHSA-hp7c-9qj5-xcrq",
"modified": "2025-09-05T18:31:09Z",
"published": "2022-04-06T00:01:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25356"
},
{
"type": "WEB",
"url": "https://www.altn.com/Products/SecurityGateway-Email-Firewall"
},
{
"type": "WEB",
"url": "https://www.swascan.com/security-advisory-alt-n-security-gateway"
},
{
"type": "WEB",
"url": "https://www.swascan.com/security-blog"
},
{
"type": "WEB",
"url": "https://www.tinextacyber.com/security-advisory-alt-n-security-gataway-cve-2022-25356"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HXWP-5HW8-G4XG
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
{
"affected": [],
"aliases": [
"CVE-2021-2322"
],
"database_specific": {
"cwe_ids": [
"CWE-91"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-23T23:15:00Z",
"severity": "HIGH"
},
"details": "Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
"id": "GHSA-hxwp-5hw8-g4xg",
"modified": "2022-05-24T19:06:04Z",
"published": "2022-05-24T19:06:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2322"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/oracle-open-source-cves-outside-other-oracle-public-documents.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J22J-2QPH-CFXC
Vulnerability from github – Published: 2025-07-08 21:30 – Updated: 2025-07-08 21:30ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting crafted XML or XPath queries to access unauthorized files or lead to denial of service. Exploitation of this issue does not require user interaction, and attack must have access to shared secrets.
{
"affected": [],
"aliases": [
"CVE-2025-49538"
],
"database_specific": {
"cwe_ids": [
"CWE-91"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T21:15:26Z",
"severity": "HIGH"
},
"details": "ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting crafted XML or XPath queries to access unauthorized files or lead to denial of service. Exploitation of this issue does not require user interaction, and attack must have access to shared secrets.",
"id": "GHSA-j22j-2qph-cfxc",
"modified": "2025-07-08T21:30:28Z",
"published": "2025-07-08T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49538"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J759-J44W-7FR8
Vulnerability from github – Published: 2026-04-22 20:16 – Updated: 2026-05-08 20:10Summary
The package allows attacker-controlled comment content to be serialized into XML without validating or neutralizing comment breaking sequences. As a result, an attacker can terminate the comment early and inject arbitrary XML nodes into the serialized output.
Details
The issue is in the DOM construction and serialization flow for comment nodes.
When createComment(data) is called, the supplied string is stored as comment data through the generic character-data handling path. That content is kept as-is. Later, when the document is serialized, the serializer writes comment nodes by concatenating the XML comment delimiters with the stored node.data value directly.
That behavior is unsafe because XML comments are a syntax-sensitive context. If attacker-controlled input contains a sequence that closes the comment, the serializer does not preserve it as literal comment text. Instead, it emits output where the remainder of the payload is treated as live XML markup.
This is a real injection bug, not a formatting issue. The serializer already applies context-aware handling in other places, such as escaping text nodes and rewriting unsafe CDATA terminators. Comment content does not receive equivalent treatment. Because of that gap, untrusted data can break out of the comment boundary and modify the structure of the final XML document.
PoC
const { DOMImplementation, DOMParser, XMLSerializer } = require('@xmldom/xmldom');
const doc = new DOMImplementation().createDocument(null, 'root', null);
doc.documentElement.appendChild(
doc.createComment('--><injected attr="1"/><!--')
);
const xml = new XMLSerializer().serializeToString(doc);
console.log(xml);
// <root><!----><injected attr="1"/><!----></root>
const reparsed = new DOMParser().parseFromString(xml, 'text/xml');
console.log(reparsed.documentElement.childNodes.item(1).nodeName);
// injected
Impact
An application that uses the package to build XML from untrusted input can be made to emit attacker-controlled elements outside the intended comment boundary. That allows the attacker to alter the meaning and structure of generated XML documents.
In practice, this can affect any workflow that generates XML and then stores it, forwards it, signs it, or hands it to another parser. Realistic targets include XML-based configuration, policy documents, and message formats where downstream consumers trust the serialized structure.
Disclosure
This vulnerability was publicly disclosed at 2026-04-06T11:25:07Z via xmldom/xmldom#987, which was subsequently closed without being merged.
Fix Applied
⚠ Opt-in required. Protection is not automatic. Existing serialization calls remain vulnerable unless
{ requireWellFormed: true }is explicitly passed. Applications that pass untrusted data tocreateComment()or mutate comment nodes with untrusted input (viaappendData,insertData,replaceData,.data =, or.textContent =) should audit allserializeToString()call sites and add the option.
XMLSerializer.serializeToString() now accepts an options object as a second argument. When { requireWellFormed: true } is passed, the serializer throws InvalidStateError before emitting a Comment node whose .data would produce malformed XML.
On @xmldom/xmldom ≥ 0.9.10, the full W3C DOM Parsing §3.2.1.4 check is applied: throws if .data contains -- anywhere, ends with -, or contains characters outside the XML Char production.
On @xmldom/xmldom ≥ 0.8.13 (LTS), only the --> injection sequence is checked. The 0.8.x SAX parser accepts comments containing -- (without >), so throwing on bare -- would break a previously-working round-trip on that branch. The --> check is sufficient to prevent injection.
PoC — fixed path
const { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');
const doc = new DOMImplementation().createDocument(null, 'root', null);
doc.documentElement.appendChild(doc.createComment('--><injected attr="1"/><!--'));
// Default (unchanged): verbatim — injection present
const unsafe = new XMLSerializer().serializeToString(doc);
console.log(unsafe);
// <root><!----><injected attr="1"/><!----></root>
// Opt-in guard: throws InvalidStateError before serializing
try {
new XMLSerializer().serializeToString(doc, { requireWellFormed: true });
} catch (e) {
console.log(e.name, e.message);
// InvalidStateError: The comment node data contains "--" or ends with "-" (0.9.x)
// InvalidStateError: The comment node data contains "-->" (0.8.x — only --> is checked)
}
Why the default stays verbatim
The W3C DOM Parsing and Serialization spec §3.2.1.4 defines a require well-formed flag whose default value is false. With the flag unset, the spec explicitly permits serializing ill-formed comment content verbatim — this is also the behavior of browser implementations (Chrome, Firefox, Safari): new XMLSerializer().serializeToString(doc) produces the injection sequence without error in all major browsers.
Unconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in requireWellFormed: true flag allows applications that require injection safety to enable strict mode without breaking existing deployments.
Residual limitation
The fix operates at serialization time only. There is no creation-time check in createComment — the spec does not require one for comment data. Any path that leads to a Comment node with -- in its data (createComment, appendData, .data =, etc.) produces a node that serializes safely only when { requireWellFormed: true } is passed to serializeToString.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@xmldom/xmldom"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@xmldom/xmldom"
},
"ranges": [
{
"events": [
{
"introduced": "0.9.0"
},
{
"fixed": "0.9.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "xmldom"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41672"
],
"database_specific": {
"cwe_ids": [
"CWE-91"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T20:16:07Z",
"nvd_published_at": "2026-05-07T04:16:33Z",
"severity": "HIGH"
},
"details": "## Summary\n\nThe package allows attacker-controlled comment content to be serialized into XML without validating or neutralizing comment breaking sequences. As a result, an attacker can terminate the comment early and inject arbitrary XML nodes into the serialized output.\n\n---\n\n## Details\n\nThe issue is in the DOM construction and serialization flow for comment nodes.\n\nWhen `createComment(data)` is called, the supplied string is stored as comment data through the generic character-data handling path. That content is kept as-is. Later, when the document is serialized, the serializer writes comment nodes by concatenating the XML comment delimiters with the stored `node.data` value directly.\n\nThat behavior is unsafe because XML comments are a syntax-sensitive context. If attacker-controlled input contains a sequence that closes the comment, the serializer does not preserve it as literal comment text. Instead, it emits output where the remainder of the payload is treated as live XML markup.\n\nThis is a real injection bug, not a formatting issue. The serializer already applies context-aware handling in other places, such as escaping text nodes and rewriting unsafe CDATA terminators. Comment content does not receive equivalent treatment. Because of that gap, untrusted data can break out of the comment boundary and modify the structure of the final XML document.\n\n---\n\n## PoC\n\n```js\nconst { DOMImplementation, DOMParser, XMLSerializer } = require(\u0027@xmldom/xmldom\u0027);\n\nconst doc = new DOMImplementation().createDocument(null, \u0027root\u0027, null);\n\ndoc.documentElement.appendChild(\n doc.createComment(\u0027--\u003e\u003cinjected attr=\"1\"/\u003e\u003c!--\u0027)\n);\n\nconst xml = new XMLSerializer().serializeToString(doc);\nconsole.log(xml);\n// \u003croot\u003e\u003c!----\u003e\u003cinjected attr=\"1\"/\u003e\u003c!----\u003e\u003c/root\u003e\n\nconst reparsed = new DOMParser().parseFromString(xml, \u0027text/xml\u0027);\nconsole.log(reparsed.documentElement.childNodes.item(1).nodeName);\n// injected\n```\n\n---\n\n## Impact\n\nAn application that uses the package to build XML from untrusted input can be made to emit attacker-controlled elements outside the intended comment boundary. That allows the attacker to alter the meaning and structure of generated XML documents.\n\nIn practice, this can affect any workflow that generates XML and then stores it, forwards it, signs it, or hands it to another parser. Realistic targets include XML-based configuration, policy documents, and message formats where downstream consumers trust the serialized structure.\n\n---\n\n## Disclosure\n\nThis vulnerability was publicly disclosed at 2026-04-06T11:25:07Z via [xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987), which was subsequently closed without being merged.\n\n---\n\n## Fix Applied\n\n\u003e **\u26a0 Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createComment()` or mutate comment nodes with untrusted input (via\n\u003e `appendData`, `insertData`, `replaceData`, `.data =`, or `.textContent =`) should audit all\n\u003e `serializeToString()` call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer throws `InvalidStateError` before emitting a Comment node whose `.data` would produce malformed XML.\n\nOn `@xmldom/xmldom` \u2265 0.9.10, the full W3C DOM Parsing \u00a73.2.1.4 check is applied: throws if `.data` contains `--` anywhere, ends with `-`, or contains characters outside the XML Char production.\n\nOn `@xmldom/xmldom` \u2265 0.8.13 (LTS), only the `--\u003e` injection sequence is checked. The `0.8.x` SAX parser accepts comments containing `--` (without `\u003e`), so throwing on bare `--` would break a previously-working round-trip on that branch. The `--\u003e` check is sufficient to prevent injection.\n\n### PoC \u2014 fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require(\u0027@xmldom/xmldom\u0027);\n\nconst doc = new DOMImplementation().createDocument(null, \u0027root\u0027, null);\ndoc.documentElement.appendChild(doc.createComment(\u0027--\u003e\u003cinjected attr=\"1\"/\u003e\u003c!--\u0027));\n\n// Default (unchanged): verbatim \u2014 injection present\nconst unsafe = new XMLSerializer().serializeToString(doc);\nconsole.log(unsafe);\n// \u003croot\u003e\u003c!----\u003e\u003cinjected attr=\"1\"/\u003e\u003c!----\u003e\u003c/root\u003e\n\n// Opt-in guard: throws InvalidStateError before serializing\ntry {\n new XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: The comment node data contains \"--\" or ends with \"-\" (0.9.x)\n // InvalidStateError: The comment node data contains \"--\u003e\" (0.8.x \u2014 only --\u003e is checked)\n}\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec \u00a73.2.1.4 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec explicitly permits serializing ill-formed comment content verbatim \u2014 this is also the behavior of browser implementations (Chrome, Firefox, Safari): `new XMLSerializer().serializeToString(doc)` produces the injection sequence without error in all major browsers.\n\nUnconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing deployments.\n\n### Residual limitation\n\nThe fix operates at serialization time only. There is no creation-time check in `createComment` \u2014 the spec does not require one for comment data. Any path that leads to a Comment node with `--` in its data (`createComment`, `appendData`, `.data =`, etc.) produces a node that serializes safely only when `{ requireWellFormed: true }` is passed to `serializeToString`.",
"id": "GHSA-j759-j44w-7fr8",
"modified": "2026-05-08T20:10:07Z",
"published": "2026-04-22T20:16:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41672"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/pull/987"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1"
},
{
"type": "PACKAGE",
"url": "https://github.com/xmldom/xmldom"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "xmldom has XML node injection through unvalidated comment serialization"
}
GHSA-JCWR-X25H-X5FH
Vulnerability from github – Published: 2023-09-25 21:30 – Updated: 2024-05-03 20:26A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.codehaus.plexus:plexus-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.24"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-4245"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-91"
],
"github_reviewed": true,
"github_reviewed_at": "2023-09-26T19:38:53Z",
"nvd_published_at": "2023-09-25T20:15:10Z",
"severity": "MODERATE"
},
"details": "A flaw was found in codehaus-plexus. The `org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment` fails to sanitize comments for a `--\u003e` sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection. ",
"id": "GHSA-jcwr-x25h-x5fh",
"modified": "2024-05-03T20:26:14Z",
"published": "2023-09-25T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4245"
},
{
"type": "WEB",
"url": "https://github.com/codehaus-plexus/plexus-utils/issues/3"
},
{
"type": "WEB",
"url": "https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:3906"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-4245"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149843"
},
{
"type": "PACKAGE",
"url": "https://github.com/codehaus-plexus/plexus-utils"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-461102"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "codehaus-plexus vulnerable to XML injection"
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-250: XML Injection
An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.
CAPEC-83: XPath Injection
An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that they normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database.