XPath Injection

  • CWE 643

This page is possibly vulnerable to XPath injection attack which is a technique used to exploit web sites that construct XPath queries from user-supplied input.

An unauthenticated attacker may extract a complete XML document using XPath querying. This may compromise the integrity of your database and expose sensitive information.


Filter metacharacters from user input.