Exploit
CVE-2015-3931

XML Injection (aka Blind XPath Injection) (CWE-91)

Published: Jul 21, 2017 / Updated: 89mo ago

010
No CVSS yetEPSS 1.1%
CVE info copied to clipboard

Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.

Timeline

First Article

Feedly found the first article mentioning CVE-2015-3931. See article

Jun 29, 2015 at 11:51 AM / networks.org
EPSS

EPSS Score was set to: 1.1% (Percentile: 82.8%)

Dec 20, 2023 at 10:06 PM
Static CVE Timeline Graph

Affected Systems

Microsec/e-szigno
+null more

Exploits

http://packetstormsecurity.com/files/132473/Microsec-e-Szigno-Netlock-Mokka-XML-Signature-Wrapping.html
+null more

Patches

e-szigno.hu
+null more

Attack Patterns

CAPEC-250: XML Injection
+null more

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI