Kotlin : XQuery injection
Classification
OWASP Top 10 2013: A1-Injection
OWASP Top 10 2017: A1-Injection
OWASP Top 10 2021: A3-Injection
OWASP ASVS: Validation, Sanitization and Encoding
PCI DSS 4.0: 6.2.4
HIPAA: §164.312 (a)(1), §164.312 (d)
CWE: CWE-1027
Overview
XQuery injection is a variant of classic SQL injection. In this case the attack vector is an XML database.
The application executes an XQuery expression generated on the basis of data from an untrusted source. This allows an attacker to change the semantics of the expression or execute arbitrary XQuery expressions.
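The difference between an expression built from untrusted data and one that keeps the data out of the query text, as an added example that is not part of the original page. It assumes the standard XQJ API (javax.xml.xquery) with a driver on the classpath; the document name `users.xml`, its element names, and the function names are hypothetical.

```kotlin
import javax.xml.namespace.QName
import javax.xml.xquery.XQConnection
import javax.xml.xquery.XQResultSequence

// Collects every item of a result sequence as a string.
private fun collect(seq: XQResultSequence): List<String> {
    val items = mutableListOf<String>()
    while (seq.next()) items += seq.getItemAsString(null)
    return items
}

// VULNERABLE: the untrusted value becomes part of the expression text.
// A quote character inside `login` ends the string literal, and whatever
// follows it is parsed as XQuery, so the caller controls the predicate.
fun findNamesVulnerable(conn: XQConnection, login: String): List<String> {
    val query = "for \$u in doc('users.xml')/users/user[login = '" + login + "'] " +
        "return \$u/name/string()"
    val expr = conn.createExpression()
    try {
        return collect(expr.executeQuery(query))
    } finally {
        expr.close()
    }
}

// HARDENED: the expression text is constant. The untrusted value is bound
// to an external variable typed xs:string, so it is only ever compared as
// data and never reaches the XQuery parser.
fun findNamesSafe(conn: XQConnection, login: String): List<String> {
    val query = "declare variable \$login as xs:string external; " +
        "for \$u in doc('users.xml')/users/user[login = \$login] " +
        "return \$u/name/string()"
    val expr = conn.prepareExpression(query)
    try {
        expr.bindString(QName("login"), login, null) // null: use the default item type
        return collect(expr.executeQuery())
    } finally {
        expr.close()
    }
}
```

XQJ interfaces predate `AutoCloseable`, which is why the example closes expressions in `finally` rather than with Kotlin's `use`.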