Description
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
Extended Description
Within XML, special elements could include reserved words or characters such as "<", ">", """, and "&", which could then be used to add new data or modify XML syntax.
CVE vulnerabilities with CWE-91 (150)
10.0
CVSS
CRITICAL
CVE-2021-4140
pub. 2022-12-22
9.8
CVSS
CRITICAL
CVE-2024-51136
pub. 2024-11-04
9.8
CVSS
CRITICAL
CVE-2023-43187
pub. 2023-09-27
9.8
CVSS
CRITICAL
CVE-2019-19450
pub. 2023-09-20
9.8
CVSS
CRITICAL
CVE-2021-37154
pub. 2021-08-25
9.8
CVSS
CRITICAL
CVE-2020-29128
pub. 2020-11-26
9.8
CVSS
CRITICAL
CVE-2020-25216
pub. 2020-09-17
9.8
CVSS
CRITICAL
CVE-2020-11535
pub. 2020-04-15
9.8
CVSS
CRITICAL
CVE-2015-6970
pub. 2020-02-18
9.8
CVSS
CRITICAL
CVE-2020-0646
pub. 2020-01-14🚩 CISA KEV⚡ EXPLOIT
9.8
CVSS
CRITICAL
CVE-2019-8158
pub. 2019-11-06
9.8
CVSS
CRITICAL
CVE-2013-4857
pub. 2019-10-25
9.8
CVSS
CRITICAL
CVE-2019-17626
pub. 2019-10-16
9.8
CVSS
CRITICAL
CVE-2019-16941
pub. 2019-09-28
9.8
CVSS
CRITICAL
CVE-2019-14277
pub. 2019-07-26
9.8
CVSS
CRITICAL
CVE-2013-7429
pub. 2017-09-14
9.4
CVSS
CRITICAL
CVE-2020-8479
pub. 2020-04-29
9.1
CVSS
CRITICAL
CVE-2021-38948
pub. 2021-11-02
9.1
CVSS
CRITICAL
CVE-2021-36022
pub. 2021-09-01
9.1
CVSS
CRITICAL
CVE-2021-36028
pub. 2021-09-01
Showing 20 of 150 vulnerabilities