CVE-2024-25413

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-91
View all →

Vulnerability Description

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file.

Related Vulnerabilities

CVE-2014-1409

CRITICAL
CVSS:9.1(Critical)

MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords

CWE-912014

CVE-2021-21019

CRITICAL
CVSS:9.1(Critical)

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code executi...

CWE-912021

CVE-2021-21025

CRITICAL
CVSS:9.1(Critical)

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code...

CWE-912021

CVE-2022-32755

CRITICAL
CVSS:9.1(Critical)

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive info...

CWE-912022

CVE-2022-34253

CRITICAL
CVSS:9.1(Critical)

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges c...

CWE-912022

CVE-2018-16785

HIGH
CVSS:8.8(High)

XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell

CWE-912018