CWE-112 – Missing XML Validation

Read Time:26 Second

Description

The software accepts XML from an untrusted source but does not validate the XML against the proper schema.

Most successful attacks begin with a violation of the programmer’s assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-1286
CWE-20

 

Consequences

Integrity: Unexpected State

 

Potential Mitigations

Phase: Architecture and Design

Description: 

CVE References