The application writes data from an untrusted source to XML file. This allows an attacker to change the structure and content of the file.

Applications typically use XML to store data or for messaging. In the first case, XML file is treated as a database and can contain valuable data. Web applications can also use massaging via XML for valuable data exchange.

An attacker who has the ability to write data to the XML document can change its semantics. In the most harmless case he/she can inject excess tags into the document, whereby the XML-parser exits with an error. In more serious cases, an attacker can add XML elements changing the authentication data, change data (such as prices, if we are talking about a database of a store). In some cases, XML Injection can lead to cross-site scripting (XSS) and remote code execution.

Scala : Undocumented feature: security parameters modification

DerScanner Severity Score

Do you want to fix Scala : Undocumented feature: security parameters modification in your application?

See also