WhisperX tag archive

#xml-injection

This page collects WhisperX intelligence signals tagged #xml-injection. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (2)

The Lab · 2026-04-23 02:54:08 · GitHub Issues

1. fast-xml-parser XML Injection Flaw Penetrates Firebase Admin Through Transitive Dependency Chain

A medium-severity XML injection vulnerability in `fast-xml-parser` versions below 5.7.0 has been identified as reachable through a transitive dependency chain affecting `firebase-admin` deployments. The flaw, cataloged as GHSA-gh4j-gqv2-49f6 with a CVSS score of 6.1, allows attackers to inject malformed XML structures ...

The Lab · 2026-05-14 09:48:25 · GitHub Issues

2. Critical Vulnerability in fast-xml-parser Allows Comment and CDATA Injection via Unescaped Delimiters

A security vulnerability has been identified in fast-xml-parser, a widely used XML parsing library, enabling attackers to inject XML comments and CDATA sections through unescaped delimiters. Tracked as CVE-2026-41650 and GHSA-gh4j-gqv2-49f6, the flaw resides specifically in the XMLBuilder component of the parser. The v...