CAPEC-250: XML Injection | ZEN SecDB Portal

An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.

https://capec.mitre.org/data/definitions/250.html

Weaknesses

# ID	Name	Type
CWE-20	Improper Input Validation	weakness
CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	weakness
CWE-91	XML Injection (aka Blind XPath Injection)	weakness
CWE-707	Improper Neutralization	weakness

Taxonomiy Mapping

Type	# ID	Name
WASC	23	XML Injection