Property
Language: csharp
Severity: medium
CWE: CWE-643: Improper Neutralization of Data within XPath Expressions (‘XPath Injection’)
OWASP: A03:2021 - Injection
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code builds XPath queries using user input without proper validation or sanitization. This allows attackers to inject malicious data into the query, potentially altering its logic or accessing unauthorized XML data.
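The pattern described above next to a hardened form, as an added example that is not the rule's own sample code. The XML document, the element and attribute names, and the method names are constructed for illustration, and LINQ to XML is one assumed replacement for the concatenated query.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;
using System.Xml.XPath;

static class XPathInjectionDemo
{
    // Constructed sample document; element and attribute names are assumptions.
    const string Xml = @"<users>
  <user name='alice' pin='4821' role='admin'/>
  <user name='bob' pin='1377' role='staff'/>
</users>";

    // Flagged pattern: input is concatenated into the XPath expression,
    // so a quote in the input ends the string literal and changes the predicate.
    static bool LoginVulnerable(XDocument doc, string name, string pin)
    {
        string query = "/users/user[@name='" + name + "' and @pin='" + pin + "']";
        return doc.XPathSelectElement(query) != null;
    }

    // Hardened form: no expression is built from input. The values are only
    // compared as data, so quotes and operators in them have no effect.
    static bool LoginSafe(XDocument doc, string name, string pin)
    {
        return doc.Root.Elements("user").Any(u =>
            (string)u.Attribute("name") == name &&
            (string)u.Attribute("pin") == pin);
    }

    static void Main()
    {
        XDocument doc = XDocument.Parse(Xml);
        // Constructed hostile input: the quote closes the literal early.
        string name = "alice";
        string pin = "x' or 'a'='a";

        Console.WriteLine(LoginVulnerable(doc, name, pin)); // predicate rewritten by input
        Console.WriteLine(LoginSafe(doc, name, pin));       // input treated as a value
        Console.WriteLine(LoginSafe(doc, "alice", "4821")); // legitimate login still works
    }
}
```

Where an XPath expression is unavoidable, the same principle applies: keep the expression text constant and validate input against an allow-list before it is used.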

Impact

If exploited, an attacker could bypass authentication, extract sensitive information, or manipulate XML data by injecting crafted input. This can lead to data breaches, unauthorized access, or compromise of application integrity.