dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dom4j project dom4j |
||
debian debian linux 8.0 |
||
oracle flexcube investor servicing 12.3.0 |
||
oracle flexcube investor servicing 12.1.0 |
||
oracle flexcube investor servicing 12.0.4 |
||
oracle retail integration bus 15.0 |
||
oracle utilities framework 4.2.0.3.0 |
||
oracle utilities framework 4.2.0.2.0 |
||
oracle flexcube investor servicing 12.4.0 |
||
oracle flexcube investor servicing 14.0.0 |
||
oracle retail integration bus 16.0 |
||
oracle utilities framework 4.4.0.0.0 |
||
oracle primavera p6 enterprise project portfolio management |
||
oracle rapid planning 12.1 |
||
oracle rapid planning 12.2 |
||
oracle utilities framework 4.4.0.2 |
||
oracle utilities framework 2.2.0 |
||
oracle utilities framework |
||
redhat satellite capsule 6.6 |
||
redhat satellite 6.6 |
||
redhat jboss_enterprise_application_platform 6.0.0 |
||
redhat jboss_enterprise_application_platform 6.4.0 |
||
redhat jboss_enterprise_application_platform 7.1.0 |
||
netapp snap creator framework - |
||
netapp snapcenter - |
||
netapp snapmanager - |
||
netapp oncommand workflow automation - |