Description

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Remediation

References

CVE-2018-1000632

Related Vulnerabilities

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4391)

MySQL CVE-2021-35645 Vulnerability (CVE-2021-35645)

Oracle JRE CVE-2014-0464 Vulnerability (CVE-2014-0464)

WordPress Plugin ACF Frontend display Arbitrary File Upload (2.0.5)

Magento Improper Authentication Vulnerability (CVE-2019-8108)

Severity

High

Classification

CVE-2018-1000632 CWE-91 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities