Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
xpath injection vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2012-4840
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors....
Ibm Cognos Business Intelligence 8.4.1
Ibm Cognos Business Intelligence 10.1
Ibm Cognos Business Intelligence 10.1.1
Ibm Cognos Business Intelligence 10.2
6.4
CVSSv2
CVE-2019-0370
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection....
Sap Financial Consolidation 10.0
Sap Financial Consolidation 10.1
4
CVSSv2
CVE-2012-4837
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors....
Ibm Cognos Business Intelligence 10.1
Ibm Cognos Business Intelligence 10.1.1
Ibm Cognos Business Intelligence 10.2
Ibm Cognos Business Intelligence 8.4.1
7.8
CVSSv2
CVE-2020-25162
A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges....
Bbraun Datamodule Compactplus A10
Bbraun Datamodule Compactplus A11
Bbraun Spacecom
5
CVSSv2
CVE-2016-6272
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this...
Epic Mychart -
1 EDB exploit available
5.5
CVSSv2
CVE-2013-0505
IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors....
Ibm Sterling Selling And Fulfillment Foundation 9.2.0
Ibm Sterling Selling And Fulfillment Foundation 9.1.0
Ibm Sterling Selling And Fulfillment Foundation 9.0
Ibm Sterling Selling And Fulfillment Foundation 8.5
Ibm Sterling Multi-channel Fulfillment Solution 8.0
5
CVSSv2
CVE-2015-5970
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference....
Novell Zenworks Configuration Management 11.3.2
Novell Zenworks Configuration Management 11.4.0
Novell Zenworks Configuration Management 11.4.1
Novell Zenworks Configuration Management 11.3.1
Novell Zenworks Configuration Management 11.3.0
5.5
CVSSv2
CVE-2012-2596
The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML...
Siemens Wincc 7.0
4
CVSSv2
CVE-2016-9149
The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath...
Paloaltonetworks Pan-os
7.5
CVSSv2
CVE-2019-8158
An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted...
Magento Magento
Magento Magento 2.3.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-31805
dos
CVE-2022-26727
CVE-2022-26712
CVE-2022-1529
CVE-2022-20807
template injection
CVE-2022-26690
cross-site scripting
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »