CWE-91
Allowed-with-ReviewXML Injection (aka Blind XPath Injection)
Abstraction: Base · Status: Draft
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
190 vulnerabilities reference this CWE, most recent first.
CVE-2025-12921 (GCVE-0-2025-12921)
Vulnerability from cvelistv5 – Published: 2025-11-09 23:32 – Updated: 2025-11-14 17:43| URL | Tags |
|---|---|
| https://vuldb.com/?id.331641 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.331641 | signaturepermissions-required |
| https://vuldb.com/?submit.680872 | third-party-advisory |
| https://github.com/mikecole-mg/security_findings/… | related |
| https://github.com/mikecole-mg/security_findings/… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| OpenClinica | Community Edition |
Affected:
3.0
Affected: 3.1 Affected: 3.2 Affected: 3.3 Affected: 3.4 Affected: 3.5 Affected: 3.6 Affected: 3.7 Affected: 3.8 Affected: 3.9 Affected: 3.10 Affected: 3.11 Affected: 3.12 Affected: 3.12.0 Affected: 3.12.1 Affected: 3.12.2 Affected: 3.13 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12921",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T17:43:08.957976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T17:43:12.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/mikecole-mg/security_findings/blob/main/openclinica/openclinica-xxe.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/mikecole-mg/security_findings/blob/main/openclinica/openclinica-xxe.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"CRF Data Import"
],
"product": "Community Edition",
"vendor": "OpenClinica",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3"
},
{
"status": "affected",
"version": "3.4"
},
{
"status": "affected",
"version": "3.5"
},
{
"status": "affected",
"version": "3.6"
},
{
"status": "affected",
"version": "3.7"
},
{
"status": "affected",
"version": "3.8"
},
{
"status": "affected",
"version": "3.9"
},
{
"status": "affected",
"version": "3.10"
},
{
"status": "affected",
"version": "3.11"
},
{
"status": "affected",
"version": "3.12"
},
{
"status": "affected",
"version": "3.12.0"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.13"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mikecole-mg (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xml_file leads to xml injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in OpenClinica Community Edition up to 3.12.2/3.13 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /ImportCRFData?action=confirm der Komponente CRF Data Import. Durch das Beeinflussen des Arguments xml_file mit unbekannten Daten kann eine xml injection-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "XML Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-09T23:32:05.470Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-331641 | OpenClinica Community Edition CRF Data Import ImportCRFData xml injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.331641"
},
{
"name": "VDB-331641 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.331641"
},
{
"name": "Submit #680872 | OpenClinica OpenClinica Community Edition 3.13, Changeset 74f4df3481b6 (2017-02-28) and 3.12.2, Changeset 347dcfca3d17 (2016-11-21) XML Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.680872"
},
{
"tags": [
"related"
],
"url": "https://github.com/mikecole-mg/security_findings/blob/main/openclinica/openclinica-xxe.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/mikecole-mg/security_findings/blob/main/openclinica/openclinica-xxe.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-09T07:47:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "OpenClinica Community Edition CRF Data Import ImportCRFData xml injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12921",
"datePublished": "2025-11-09T23:32:05.470Z",
"dateReserved": "2025-11-09T06:42:36.062Z",
"dateUpdated": "2025-11-14T17:43:12.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9375 (GCVE-0-2025-9375)
Vulnerability from cvelistv5 – Published: 2025-09-01 16:43 – Updated: 2026-04-20 21:45 Disputed- CWE-91 - XML Injection (aka Blind XPath Injection)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T15:16:00.971499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T15:16:13.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-09-05T01:47:50.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/martinblech/xmltodict/issues/377#issuecomment-3255691923"
},
{
"url": "https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.escape"
},
{
"url": "https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.XMLGenerator"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.python.org",
"defaultStatus": "unaffected",
"packageName": "xmltodict",
"platforms": [
"MacOS",
"Linux",
"Windows"
],
"product": "xmltodict",
"vendor": "xmltodict",
"versions": [
{
"lessThan": "0.15.1",
"status": "affected",
"version": "0.14.2",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmltodict:xmltodict:*:*:macos:*:*:*:*:*",
"versionEndExcluding": "0.15.1",
"versionStartIncluding": "0.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmltodict:xmltodict:*:*:linux:*:*:*:*:*",
"versionEndExcluding": "0.15.1",
"versionStartIncluding": "0.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmltodict:xmltodict:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "0.15.1",
"versionStartIncluding": "0.14.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eXML Injection vulnerability in xmltodict allows Input Data Manipulation.\u003cbr\u003e\u003c/span\u003e\u003cp\u003eThis issue affects xmltodict: from 0.14.2 before 0.15.1.\u003cbr\u003e\u003cbr\u003eNOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse() delegates element-name handling to Python\u0027s xml.sax.saxutils.XMLGenerator, and that XMLGenerator should be the component performing validation.\u003c/p\u003e"
}
],
"value": "XML Injection vulnerability in xmltodict allows Input Data Manipulation.\nThis issue affects xmltodict: from 0.14.2 before 0.15.1.\n\nNOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse() delegates element-name handling to Python\u0027s xml.sax.saxutils.XMLGenerator, and that XMLGenerator should be the component performing validation."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91 XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T21:45:55.337Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://fluidattacks.com/advisories/mono"
},
{
"tags": [
"product"
],
"url": "https://github.com/martinblech/xmltodict"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://github.com/martinblech/xmltodict/blob/v0.15.1/CHANGELOG.md"
},
{
"tags": [
"patch"
],
"url": "https://github.com/martinblech/xmltodict/commit/f98c90f071228ed73df997807298e1df4f790c33"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"disputed"
],
"title": "xmltodict 0.14.2 - XML Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2025-9375",
"datePublished": "2025-09-01T16:43:18.220Z",
"dateReserved": "2025-08-22T22:03:47.627Z",
"dateUpdated": "2026-04-20T21:45:55.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7473 (GCVE-0-2025-7473)
Vulnerability from cvelistv5 – Published: 2025-10-21 10:58 – Updated: 2025-10-21 13:24- CWE-91 - XML Injection (aka Blind XPath Injection)
| Vendor | Product | Version | |
|---|---|---|---|
| Zohocorp | Endpoint Central |
Affected:
0 , ≤ 11.4.2516.1
(11.4.2516.1)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T13:24:23.990497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T13:24:38.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Endpoint Central",
"vendor": "Zohocorp",
"versions": [
{
"lessThanOrEqual": "11.4.2516.1",
"status": "affected",
"version": "0",
"versionType": "11.4.2516.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine EndPoint Central versions\u0026nbsp;11.4.2516.1 and prior are vulnerable to XML Injection."
}
],
"value": "Zohocorp ManageEngine EndPoint Central versions\u00a011.4.2516.1 and prior are vulnerable to XML Injection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91 XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T10:58:47.949Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/desktop-central/parsing-xml-data.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XML Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-7473",
"datePublished": "2025-10-21T10:58:47.949Z",
"dateReserved": "2025-07-11T12:34:38.612Z",
"dateUpdated": "2025-10-21T13:24:38.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1545 (GCVE-0-2025-1545)
Vulnerability from cvelistv5 – Published: 2025-12-04 21:48 – Updated: 2025-12-05 15:44- CWE-91 - XML Injection (aka Blind XPath Injection)
| Vendor | Product | Version | |
|---|---|---|---|
| WatchGuard | Fireware OS |
Affected:
11.11 , ≤ 11.12.4+541730
(semver)
Affected: 12.0 , ≤ 12.11.4 (semver) Affected: 12.5 , ≤ 12.5.13 (semver) Affected: 2025.1 , ≤ 2025.1.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T15:43:49.497524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T15:44:01.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fireware OS",
"vendor": "WatchGuard",
"versions": [
{
"lessThanOrEqual": "11.12.4+541730",
"status": "affected",
"version": "11.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.11.4",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.5.13",
"status": "affected",
"version": "12.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "2025.1.2",
"status": "affected",
"version": "2025.1",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:11.11",
"versionEndIncluding": "11.12.4+541730",
"versionStartIncluding": "11.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.0",
"versionEndIncluding": "12.11.4",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5",
"versionEndIncluding": "12.5.13",
"versionStartIncluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1",
"versionEndIncluding": "2025.1.2",
"versionStartIncluding": "2025.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.\u003cp\u003eThis issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.\u003c/p\u003e"
}
],
"value": "An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-83",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-83 XPath Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91 XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T14:33:44.498Z",
"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"shortName": "WatchGuard"
},
"references": [
{
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00025"
}
],
"source": {
"advisory": "WGSA-2025-00025",
"defect": [
"FBX-28936"
],
"discovery": "EXTERNAL"
},
"title": "WatchGuard Firebox XPath Injection Vulnerability in Web CGI",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"assignerShortName": "WatchGuard",
"cveId": "CVE-2025-1545",
"datePublished": "2025-12-04T21:48:27.311Z",
"dateReserved": "2025-02-21T09:56:01.214Z",
"dateUpdated": "2025-12-05T15:44:01.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53675 (GCVE-0-2024-53675)
Vulnerability from cvelistv5 – Published: 2024-11-26 22:01 – Updated: 2024-11-27 11:58- CWE-91 - XML Injection (aka Blind XPath Injection)
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Insight Remote Support |
Affected:
0 , < 7.14.0.629
(product)
|
|
| hpe | insight_remote_support |
Affected:
0 , < 7.14.0.629
(custom)
cpe:2.3:a:hpe:insight_remote_support:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hpe:insight_remote_support:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "insight_remote_support",
"vendor": "hpe",
"versions": [
{
"lessThan": "7.14.0.629",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T11:58:35.920065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T11:58:39.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Insight Remote Support",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThan": "7.14.0.629",
"status": "affected",
"version": "0",
"versionType": "product"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases."
}
],
"value": "An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases."
}
],
"impacts": [
{
"capecId": "CAPEC-250",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-250 XML Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91 XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T22:01:12.616Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04731en_us"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-53675",
"datePublished": "2024-11-26T22:01:12.616Z",
"dateReserved": "2024-11-21T16:51:49.639Z",
"dateUpdated": "2024-11-27T11:58:39.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53674 (GCVE-0-2024-53674)
Vulnerability from cvelistv5 – Published: 2024-11-26 21:55 – Updated: 2024-11-27 11:59- CWE-91 - XML Injection (aka Blind XPath Injection)
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Insight Remote Support |
Affected:
0 , < 7.14.0.629
(product)
|
|
| hpe | insight_remote_support |
Affected:
0 , < 7.14.0.629
(custom)
cpe:2.3:a:hpe:insight_remote_support:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hpe:insight_remote_support:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "insight_remote_support",
"vendor": "hpe",
"versions": [
{
"lessThan": "7.14.0.629",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T11:59:38.783625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T11:59:46.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Insight Remote Support",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThan": "7.14.0.629",
"status": "affected",
"version": "0",
"versionType": "product"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases."
}
],
"value": "An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases."
}
],
"impacts": [
{
"capecId": "CAPEC-250",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-250 XML Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91 XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T21:55:26.013Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04731en_us"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-53674",
"datePublished": "2024-11-26T21:55:26.013Z",
"dateReserved": "2024-11-21T16:51:49.639Z",
"dateUpdated": "2024-11-27T11:59:46.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47113 (GCVE-0-2024-47113)
Vulnerability from cvelistv5 – Published: 2025-01-18 15:29 – Updated: 2025-01-21 20:53- CWE-91 - XML Injection (aka Blind XPath Injection)
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Voice Gateway |
Affected:
1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, 1.0.8
cpe:2.3:a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:voice_gateway:1.0.7.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:voice_gateway:1.0.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T20:52:58.392154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T20:53:07.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:voice_gateway:1.0.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:voice_gateway:1.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Voice Gateway",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, 1.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM ICP - Voice Gateway\u0026nbsp;1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.\u003c/span\u003e"
}
],
"value": "IBM ICP - Voice Gateway\u00a01.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91 XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-18T15:29:40.728Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7175791"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM ICP - Voice Gateway XML injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-47113",
"datePublished": "2025-01-18T15:29:40.728Z",
"dateReserved": "2024-09-18T19:27:02.821Z",
"dateUpdated": "2025-01-21T20:53:07.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42374 (GCVE-0-2024-42374)
Vulnerability from cvelistv5 – Published: 2024-08-13 03:34 – Updated: 2024-08-14 16:41- CWE-91 - XML Injection
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP BEx Web Java Runtime Export Web Service |
Affected:
BI-BASE-E 7.5
Affected: BI-BASE-B 7.5 Affected: BI-IBC 7.5 Affected: BI-BASE-S 7.5 Affected: BIWEBAPP 7.5 |
|
| sap_se | bex_web_java_runtime_export_web_service |
Affected:
bi-base-e7.5
Affected: bi-base-b7.5 Affected: bi-base-s7.5 Affected: biwebapp7.5 Affected: bi-ibc7.5 cpe:2.3:a:sap_se:bex_web_java_runtime_export_web_service:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sap_se:bex_web_java_runtime_export_web_service:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bex_web_java_runtime_export_web_service",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "bi-base-e7.5"
},
{
"status": "affected",
"version": "bi-base-b7.5"
},
{
"status": "affected",
"version": "bi-base-s7.5"
},
{
"status": "affected",
"version": "biwebapp7.5"
},
{
"status": "affected",
"version": "bi-ibc7.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T16:31:28.254810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:41:35.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP BEx Web Java Runtime Export Web Service",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "BI-BASE-E 7.5"
},
{
"status": "affected",
"version": "BI-BASE-B 7.5"
},
{
"status": "affected",
"version": "BI-IBC 7.5"
},
{
"status": "affected",
"version": "BI-BASE-S 7.5"
},
{
"status": "affected",
"version": "BIWEBAPP 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BEx Web Java Runtime Export Web Service does not\nsufficiently validate an XML document accepted from an untrusted source. An\nattacker can retrieve information from the SAP ADS system and exhaust the\nnumber of XMLForm service which makes the SAP ADS rendering (PDF creation)\nunavailable. This affects the confidentiality and availability of the\napplication."
}
],
"value": "BEx Web Java Runtime Export Web Service does not\nsufficiently validate an XML document accepted from an untrusted source. An\nattacker can retrieve information from the SAP ADS system and exhaust the\nnumber of XMLForm service which makes the SAP ADS rendering (PDF creation)\nunavailable. This affects the confidentiality and availability of the\napplication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91: XML Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T03:34:11.415Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3485284"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XML injection in SAP BEx Web Java Runtime Export Web Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-42374",
"datePublished": "2024-08-13T03:34:11.415Z",
"dateReserved": "2024-07-31T04:09:36.223Z",
"dateUpdated": "2024-08-14T16:41:35.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28109 (GCVE-0-2024-28109)
Vulnerability from cvelistv5 – Published: 2024-03-28 13:19 – Updated: 2024-08-02 00:48- CWE-91 - XML Injection (aka Blind XPath Injection)
| URL | Tags |
|---|---|
| https://github.com/veraPDF/veraPDF-library/securi… | x_refsource_CONFIRM |
| https://github.com/veraPDF/veraPDF-library/issues/1415 | x_refsource_MISC |
| https://github.com/veraPDF/veraPDF-library/commit… | x_refsource_MISC |
| https://github.com/veraPDF/veraPDF-library/commit… | x_refsource_MISC |
| https://github.com/veraPDF/veraPDF-library/commit… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| veraPDF | veraPDF-library |
Affected:
< 1.24.2
|
|
| verapdf | verapdf-library |
Affected:
0 , < 1.24.2
(custom)
cpe:2.3:a:verapdf:verapdf-library:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:verapdf:verapdf-library:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "verapdf-library",
"vendor": "verapdf",
"versions": [
{
"lessThan": "1.24.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T17:57:42.795412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T21:06:10.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:48.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw"
},
{
"name": "https://github.com/veraPDF/veraPDF-library/issues/1415",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/veraPDF/veraPDF-library/issues/1415"
},
{
"name": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb"
},
{
"name": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f"
},
{
"name": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "veraPDF-library",
"vendor": "veraPDF",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91: XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-28T13:19:39.906Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw"
},
{
"name": "https://github.com/veraPDF/veraPDF-library/issues/1415",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/veraPDF/veraPDF-library/issues/1415"
},
{
"name": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb"
},
{
"name": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f"
},
{
"name": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe"
}
],
"source": {
"advisory": "GHSA-qxqf-2mfx-x8jw",
"discovery": "UNKNOWN"
},
"title": "Potential XSLT injection vulnerability when using policy files"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28109",
"datePublished": "2024-03-28T13:19:39.906Z",
"dateReserved": "2024-03-04T14:19:14.059Z",
"dateUpdated": "2024-08-02T00:48:48.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13190 (GCVE-0-2024-13190)
Vulnerability from cvelistv5 – Published: 2025-01-08 21:00 – Updated: 2025-02-12 17:18| URL | Tags |
|---|---|
| https://vuldb.com/?id.290782 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.290782 | signaturepermissions-required |
| https://vuldb.com/?submit.469226 | third-party-advisory |
| https://github.com/ZeroWdd/myblog/issues/2 | issue-tracking |
| https://github.com/ZeroWdd/myblog/issues/2#issue-… | exploitissue-tracking |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T17:18:05.345147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T17:18:08.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "myblog",
"vendor": "ZeroWdd",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LVZC1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In ZeroWdd myblog 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei src/main/resources/mapper/BlogMapper.xml. Durch Manipulieren des Arguments findBlogList/getTotalBlogs mit unbekannten Daten kann eine xml injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "XML Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T21:00:11.283Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-290782 | ZeroWdd myblog BlogMapper.xml xml injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.290782"
},
{
"name": "VDB-290782 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.290782"
},
{
"name": "Submit #469226 | ZeroWdd myblog 1.0 sql inject",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.469226"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ZeroWdd/myblog/issues/2"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/ZeroWdd/myblog/issues/2#issue-2759833644"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-08T13:10:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "ZeroWdd myblog BlogMapper.xml xml injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-13190",
"datePublished": "2025-01-08T21:00:11.283Z",
"dateReserved": "2025-01-08T12:04:56.202Z",
"dateUpdated": "2025-02-12T17:18:08.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-250: XML Injection
An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.
CAPEC-83: XPath Injection
An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that they normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database.