Statements (32)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:bfsLayer |
6
|
| gptkbp:bfsParent |
gptkb:CWE-74
|
| gptkbp:category |
Injection
|
| gptkbp:consequences |
Data corruption.
Application crashes. Unauthorized access to sensitive data. |
| gptkbp:difficulty |
gptkb:High
|
| gptkbp:example |
An attacker modifies XML data to alter application behavior.
|
| gptkbp:has_weakness |
gptkb:CWE-22
gptkb:CWE-601 gptkb:CWE-703 gptkb:CWE-74 gptkb:CWE-117 gptkb:CWE-327 gptkb:CWE-611 gptkb:CWE-77 gptkb:CWE-94 gptkb:CWE-89 gptkb:CWE-20 CWE-78 |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-91
|
| gptkbp:impact |
Data integrity issues
Denial of service Information disclosure |
| gptkbp:is_described_as |
A weakness that allows an attacker to inject malicious XML into an application.
|
| gptkbp:is_protected_by |
Input validation
Output encoding Use of secure libraries |
| gptkbp:name |
XML Injection
|
| gptkbp:related_to |
gptkb:CWE-74
gptkb:CWE-20 |