VDB
DEBIAN-CVE-2018-1000632
DEBIAN-CVE-2018-1000632
PUBLISHED
CVSS 7.5 HIGH
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | dom4j | 0, 0, 0 |
| Debian:13 | dom4j | 0, 0, 0 |
| Debian:14 | dom4j | 0, 0, 0 |
| Debian:11 | dom4j | 0, 0, 0 |
Timeline
- Aug 20, 2018 CVE Published
- Apr 28, 2026 CVE Updated