Database

Description

It is possible to inject XML code into the application's requests, which is then interpreted by the server. This could allow an attacker to perform data exfiltration or execute commands remotely.

Impact

Perform various attacks that compromise the confidentiality, integrity and availability of the system.

Recommendation

Filter the information that the application receives and sends using white lists.
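
The following is an added example, not part of the original entry: it contrasts building an XML request by string concatenation with a white-list check applied before serialization. The field names, patterns, the `role` element and the sample values are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Hypothetical white list: one strict pattern per field the request may carry.
ALLOWED_FIELDS = {
    "username": re.compile(r"[A-Za-z0-9_.-]{1,32}"),
    "email": re.compile(r"[A-Za-z0-9_.+-]{1,64}@[A-Za-z0-9.-]{1,255}"),
}


class RejectedInput(ValueError):
    """Raised when a field name or value is not on the white list."""


def validate(fields):
    """Return the fields unchanged if every name and value is allowed."""
    for name, value in fields.items():
        pattern = ALLOWED_FIELDS.get(name)
        if pattern is None:
            raise RejectedInput(f"unexpected field: {name!r}")
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise RejectedInput(f"value not allowed for {name!r}")
    return fields


def build_unsafe(fields):
    """Weak form: concatenation lets markup inside a value become XML."""
    body = "".join(f"<{k}>{v}</{k}>" for k, v in fields.items())
    return f"<user>{body}<role>guest</role></user>"


def build_safe(fields):
    """Hardened form: white-list check first, then a serializer that escapes."""
    root = ET.Element("user")
    for name, value in validate(fields).items():
        ET.SubElement(root, name).text = value
    ET.SubElement(root, "role").text = "guest"
    return ET.tostring(root, encoding="unicode")


def roles(xml_text):
    """Parse a document and list every <role> value the server would read."""
    return [e.text for e in ET.fromstring(xml_text).iter("role")]


# Constructed sample inputs: one carries markup in a value, one is expected.
SAMPLE_BAD = {"username": "bob</username><role>admin</role><username>x"}
SAMPLE_OK = {"username": "bob", "email": "bob@example.com"}
```

With the concatenating builder the constructed value adds a second `role` element to the document; the white-listed builder rejects it before any XML is produced.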

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 60 minutes.