Home/Alerts/Alert detail/

SOAP XML Injection

Risk:
High

Type:
Active

Summary: Some XML injected code has been interpreted by the server.

Solution: Use a detailed description of SOAP attributes in the WSDL file.

Other info: Some XML injected code has been interpreted by the server.

References: https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2012/07/11/camera-ready.pdf

Latest Security News

Beware: PayPal "New Address" feature abused to send phishing emails

Fake CS2 tournament streams used to steal crypto, Steam accounts

Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack

OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns

Google Chrome disables uBlock Origin for some in Manifest v3 rollout

SpyLend Android malware downloaded 100,000 times from Google Play

Hacker steals record $1.46 billion from Bybit ETH cold wallet

Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

InformationalInformation Disclosure - Suspicious Comments

MediumAbsence of Anti-CSRF Tokens

MediumContent Security Policy (CSP) Header Not Set

LowCross-Domain JavaScript Source File Inclusion

HighPII Disclosure

InformationalModern Web Application

LowX-Content-Type-Options Header Missing

Latest CVE List

CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability

CVE-2025-23209 Craft CMS Code Injection Vulnerability

CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability

CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability

CVE-2025-0108 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

CVE-2024-57727 SimpleHelp Path Traversal Vulnerability

CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability

CVE-2025-24200 Apple iOS and iPadOS Incorrect Authorization Vulnerability

CVE-2025-21391 Microsoft Windows Storage Link Following Vulnerability

CVE-2025-21418 Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

Common CWEs

CWE-87 Improper Neutralization of Alternate XSS Syntax

CWE-260 Password in Configuration File

CWE-926 Improper Export of Android Application Components

CWE-827 Improper Control of Document Type Definition

CWE-520 .NET Misconfiguration: Use of Impersonation

CWE-473 PHP External Variable Modification

CWE-14 Compiler Removal of Code to Clear Buffers

CWE-35 Path Traversal: '.../...//'

CWE-463 Deletion of Data Structure Sentinel

HighCWE-209 Generation of Error Message Containing Sensitive Information

Free online web security scanner

Don't show website scan report rating on the leaderboard