WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2018-1000632)

Description

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Remediation

References

CVE-2018-1000632

Related Vulnerabilities

Drupal Core 4.5.x Mail Header Injection (4.5.0 - 4.5.7)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder PHP Object Injection (4.02)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-36392)

Nginx CVE-2010-4180 Vulnerability (CVE-2010-4180)

MySQL CVE-2013-1544 Vulnerability (CVE-2013-1544)

Severity

High

Classification

CVE-2018-1000632 CWE-91 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities