CWE-91
XML Injection (aka Blind XPath Injection)
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
Official CWE-91 definition at MITREImpactr finds and proves weaknesses like CWE-91 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist