Description

Dynamic XPath statements are generated without the required data validation.

Impact

Inject queries to obtain sensitive information without authorization.

Recommendation

Perform input data validations on the server-side to avoid common injection attacks.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes