CWE-643 – Improper Neutralization of Data within XPath Expressions (‘XPath Injection’)
Description The software uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize...