Home / Vulnerability Database / C-sharp : XQuery injection

C-sharp : XQuery injection

Classification

OWASP Top 10 2013

A1-Injection

OWASP Top 10 2017

A1-Injection

OWASP Top 10 2021

A3-Injection

OWASP ASVS

Validation, Sanitization and Encoding

PCI DSS 4.0

6.2.4

HIPAA

§164.312 (a)(1)§164.312 (d)

CWE

CWE-1027

Overview

XQuery injection is a variant of the classic SQL-injection. The attack vector in that case is XML database.

The application executes an XQuery expression generated on the basis of data from an untrusted source. This allows an attacker to change the semantics of the expression or execute arbitrary XQuery expressions.

References

OWASP Top 10 2017-A1-Injection
WASC: XQuery Injection
CWE-652: Improper Neutralization of Data within XQuery Expressions (‘XQuery Injection’)
CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection

MEDIUM

C-sharp : XQuery injection

Classification

Overview

References

DerScanner Severity Score

Do you want to fix C-sharp : XQuery injection in your application?

See also

C-sharp : JWT: None Algorithm

C-sharp : Insecure data transmission: Database

C-sharp : Only one of method Equals() and GetHashCode() defined