XPath injection
Description
Dynamic XPath statements are generated from input data without the required validation.
Impact
Inject queries to obtain sensitive information without authorization.
Recommendation
Perform input data validations on the server-side to avoid common injection attacks.
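The vulnerable pattern next to a validated one, as an added example that is not part of the original page. It uses Python's standard xml.etree.ElementTree; the sample document, the allowlist and every function name are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from typing import Optional

# Constructed sample document (not from the original page).
USERS_XML = """
<users>
  <user name="alice" role="staff"/>
  <user name="bob" role="admin"/>
</users>
"""
ROOT = ET.fromstring(USERS_XML)

# Allowlist (an assumption for this example): only characters that can
# never close or extend a quoted XPath string literal.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def build_query_unsafe(name: str) -> str:
    """Vulnerable pattern: input is formatted straight into the XPath string."""
    return f".//user[@name='{name}']"


def build_query_safe(name: str) -> str:
    """Discard unsafe input before it can reach the XPath expression."""
    if not isinstance(name, str) or not SAFE_NAME.fullmatch(name):
        raise ValueError("input rejected: characters outside the allowlist")
    return f".//user[@name='{name}']"


def find_role(name: str) -> Optional[str]:
    """Server-side lookup that only ever evaluates validated queries."""
    node = ROOT.find(build_query_safe(name))
    return None if node is None else node.get("role")


def is_rejected(value: str) -> bool:
    """True when validation refuses the value instead of querying with it."""
    try:
        build_query_safe(value)
    except ValueError:
        return True
    return False
```

In the unsafe builder a single quote in the input ends the string literal early, so the input becomes part of the query structure. Where the XPath engine supports bound variables (for example lxml's `xpath("//user[@name=$n]", n=name)`), passing the value as a variable keeps it out of the expression text entirely.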
Threat
Authenticated attacker from the Internet.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
173 - Discard unsafe inputs
Rules
Kotlin Xpath Injection Unvalidated Input
Php Xpath Format String Injection
Javascript Dynamic Xpath Injection
C Sharp Xpath Injection Unvalidated Input
Python Xpath Format String Injection
Java Xpath Injection Via Concat
Scala Unsafe Xpath Injection
Typescript Dynamic Xpath Injection
Go Xpath Unsanitized Input Query
C Sharp Xmlnode Xpath Injection
C Sharp Unvalidated Xpath Input