XPath Injection
- CWE 643
This page is possibly vulnerable to XPath injection attack which is a technique used to exploit web sites that construct XPath queries from user-supplied input.
An unauthenticated attacker may extract a complete XML document using XPath querying. This may compromise the integrity of your database and expose sensitive information.
Remediation
Filter metacharacters from user input.
References
Go Back to List
Search Vulnerability
You may also see
- Long Redirect Response
- Error Message
- Stack Trace
- Internal Path
- Not Secure Cookie
- Not Http-Only Cookie
- Sensitive Data in Query String
- Sensitive Data over HTTP
- Server Error
- Source Code Disclosure
- Information Leakage
- Web Backdoor
- Database Connection String
- Autocomplete Enabled
- Undefined Content-Type Header
- Missing X-Frame-Options Header
- Mixed Content
- Insecure iFrame
- XPath Injection
- Basic Authentication over HTTP
- Forbidden Resource
- Multiple Choices Enabled
- Apache MultiViews Enabled