CWE-112 - Missing XML Validation

CWE-112

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Missing XML Validation

Description: The product accepts XML from an untrusted source but does not validate the XML against the proper schema.
Most successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input.

Common Consequences: Scope: Integrity
Impact: Unexpected State

Related Weaknesses

CWE-20Improper Input ValidationHigh

CWE-1286Improper Validation of Syntactic Correctness of Input

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard