CWE-643— XPath Injection
The product uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.— MITRE CWE catalog
14 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-643page 1 of 1
- CVE-2020-25162HIGHCVSS 7.5EG 7.52022-04-14
A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate pr…
- CVE-2022-43840MEDIUMCVSS 4.3EG 4.32025-04-14
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.
- CVE-2023-24922MEDIUMCVSS 6.5EG 6.52023-03-14
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
- CVE-2023-36429MEDIUMCVSS 6.5EG 6.52023-10-10
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
- CVE-2023-36433MEDIUMCVSS 6.5EG 6.52023-10-10
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
- CVE-2024-2645MEDIUMCVSS 4.3EG 4.32024-03-19
A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to imprope…
- CVE-2024-2648MEDIUMCVSS 4.3EG 4.32024-03-19
A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to imprope…
- CVE-2024-39565HIGHCVSS 8.8EG 8.82024-07-10
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target devi…
- CVE-2024-8955HIGHCVSS 7.5EG 6.82025-03-20
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOL_GOTO_PAGE and BROWSERTOOL_G…
- CVE-2025-11844MEDIUMCVSS 5.4EG 5.42025-10-22
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The function constructs an XPath query by directly concatenating user-supp…
- CVE-2025-20218MEDIUMCVSS 4.9EG 4.92025-08-14
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability …
- CVE-2026-24343HIGHCVSS 8.8EG 8.82026-02-10
Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes …
- CVE-2026-40699MEDIUMCVSS 6.5EG 6.52026-05-13
A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software versions which have reached End of Techni…
- CVE-2026-44962CRITICALCVSS 10.0EG 9.92026-05-29
Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged use…
Map vulnerabilities like CWE-643 to your infrastructure
EchelonGraph correlates every CVE — across CWE-643 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →