CWE-643 (Improper Neutralization of Data within XPath Expressions ('XPath Injection')) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-44962 | 2026-05-29 | Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allo… |
| CVE-2026-40699 | 2026-05-13 | A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software vers… |
| CVE-2026-24343 | 2026-02-10 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to… |
| CVE-2025-11844 | 2025-10-22 | Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The function constructs an XPath qu… |
| CVE-2025-20218 | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an … |
| CVE-2022-43840 | 2025-04-14 | IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the str… |
| CVE-2024-39565 | 2024-07-10 | An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execu… |
| CVE-2024-2648 | 2024-03-19 | A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of… |
| CVE-2024-2645 | 2024-03-19 | A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation … |
| CVE-2023-36433 | 2023-10-10 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
| CVE-2023-36429 | 2023-10-10 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
| CVE-2023-24922 | 2023-03-14 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
| CVE-2020-25162 | 2022-04-14 | A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to acces… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Common_Consequences, Relationships |
| 2008-10-14 | CWE Content Team | 1.0.1 | — | updated Description, Name, References, Relationship_Notes |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Demonstrative_Examples |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Name |
| 2009-10-29 | CWE Content Team | 1.6 | — | updated Common_Consequences |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Taxonomy_Mappings |
| 2010-04-05 | CWE Content Team | 1.8.1 | — | updated Description, Name |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Enabling_Factors_for_Exploitation |
| 2010-12-13 | CWE Content Team | 1.11 | — | updated Common_Consequences |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated References, Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2014-06-23 | CWE Content Team | 2.7 | — | updated Relationships |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships, Taxonomy_Mappings |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships |
| 2018-03-27 | CWE Content Team | 3.1 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Relationships |
| 2021-10-28 | CWE Content Team | 4.6 | — | updated Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Demonstrative_Examples |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Relationships, Weakness_Ordinalities |