CWE-643 · Improper Neutralization of Data within XPath Expressions (XPath Injection)
13 CVEs classified under CWE-643 (Improper Neutralization of Data within XPath Expressions (XPath Injection)).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-44962 | Critical | 9.9 | 2026-05-29 | Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queri… |
| CVE-2024-39565 | High | 8.8 | 2024-07-10 | An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthe… |
| CVE-2020-25162 | High | 7.5 | 2022-04-14 | A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows… |
| CVE-2026-40699 | Medium | 6.5 | 2026-05-13 | A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed se… |
| CVE-2023-36429 | Medium | 6.5 | 2023-10-10 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
| CVE-2023-36433 | Medium | 6.5 | 2023-10-10 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
| CVE-2023-24922 | Medium | 6.5 | 2023-03-14 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
| CVE-2025-11844 | Medium | 5.4 | 2025-10-22 | Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browse… |
| CVE-2025-20218 | Medium | 4.9 | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker t… |
| CVE-2022-43840 | Medium | 4.3 | 2025-04-14 | IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive… |
| CVE-2024-2648 | Medium | 4.3 | 2024-03-19 | A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the fi… |
| CVE-2024-2645 | Medium | 4.3 | 2024-03-19 | A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb… |
| CVE-2026-24343 | | | 2026-02-10 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7… |