Specially crafted XPath expressions could allow attackers to cause a denial of service or possibly have unspecified other impact (CVE-2011-2821,CVE-2011-2834).