XAML injection
Description
The application does not properly validate user input, allowing XamlReader instances to be manipulated to generate malicious elements that can interact with other system actors
Impact
Create malicious elements that can produce more severe vulnerabilities
Recommendation
Define length and content validations in all the system inputs
Threat
Authenticated attacker from the Internet
Expected Remediation Time
⏱️ 20 minutes.
Requirements
173 - Discard unsafe inputsFixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
H
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
N
Integrity (VI)
L
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
P
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P