XPath Injection

Description

It is possible to inject XPath queries into the application. This may be used to read sensitive data without authorization.

Requirements

• 173. Discard unsafe inputs