Weaknesses of type CWE-91
72 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2024-11622 | HIGH | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain | 1.5% |
| CVE-2024-25413 | CRITICAL | A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to exe | 1.5% |
| CVE-2021-4140 | CRITICAL | It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 9 | 1.3% |
| CVE-2023-32173 | MEDIUM | Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability | 1.2% |
| CVE-2024-51136 | CRITICAL | An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbit | 1.2% |
| CVE-2024-28109 | HIGH | Potential XSLT injection vulnerability when using policy files | 1.0% |
| CVE-2023-22247 | HIGH | Adobe Commerce XML Injection Arbitrary file system read | 0.9% |
| CVE-2023-38207 | HIGH | Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read | 0.8% |
| CVE-2023-29289 | MEDIUM | Adobe Commerce XML Injection Security feature bypass | 0.8% |
| CVE-2021-27777 | HIGH | HCL Unica Platform is vulnerable to XML External Entity (XXE) injection | 0.8% |
| CVE-2022-35259 | HIGH | XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorize | 0.7% |
| CVE-2022-32755 | MEDIUM | IBM Security Directory Server external entity injection | 0.7% |
| CVE-2022-4245 | MEDIUM | Codehaus-plexus: xml external entity (xxe) injection | 0.7% |
| CVE-2022-2458 | — | XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. Thi | 0.7% |
| CVE-2021-22524 | MEDIUM | Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1 | 0.6% |
| CVE-2022-27233 | MEDIUM | XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unaut | 0.6% |
| CVE-2024-47113 | HIGH | IBM ICP - Voice Gateway XML injection | 0.6% |
| CVE-2024-42374 | HIGH | XML injection in SAP BEx Web Java Runtime Export Web Service | 0.5% |
| CVE-2023-35858 | MEDIUM | XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to | 0.5% |
| CVE-2022-22244 | MEDIUM | Junos OS: Unauthenticated XPath Injection vulnerability in J-Web | 0.5% |