Home/Alerts/Alert detail/

SOAP XML Injection

Risk:
High

Type:
Active

Summary: Some XML injected code has been interpreted by the server.

Solution: Use a detailed description of SOAP attributes in the WSDL file.

Other info: Some XML injected code has been interpreted by the server.

References: https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2012/07/11/camera-ready.pdf

Top Security News

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

Bitbucket services “hard down” due to major worldwide outage

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025

Windows Server 2025 released—here are the new features

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon

TikTok is back up in the US after Trump says he will extend deadline

Common Alerts

MediumCSP: script-src unsafe-eval

InformationalImage Exposes Location or Privacy Data

LowServer Leaks Version Information via "Server" HTTP Response Header Field

LowCSP: Notices

HighPath Traversal

HighRemote Code Execution - Shell Shock

InformationalUser Controllable Charset

MediumSource Code Disclosure - PHP

Medium.htaccess Information Leak

HighAccess Control Issue - Improper Authentication

Top CVE List

CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability

CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-0282 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

CVE-2017-6736 Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload Vulnerability

CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability

Common CWEs

CWE-1079 Parent Class without Virtual Destructor Method

CWE-491 Public cloneable() Method Without Final ('Object Hijack')

MediumCWE-401 Missing Release of Memory after Effective Lifetime

CWE-773 Missing Reference to Active File Descriptor or Handle

CWE-628 Function Call with Incorrectly Specified Arguments

CWE-1084 Invokable Control Element with Excessive File or Data Access Operations

CWE-105 Struts: Form Field Without Validator

MediumCWE-354 Improper Validation of Integrity Check Value

HighCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

HighCWE-257 Storing Passwords in a Recoverable Format

Free online web security scanner

Don't show website scan report rating on the leaderboard