CAPEC-250: XML Injection
An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.
Likelihood
High
10
/ 100
low-risk
Active Threat
8/50 · Minimal
Exploit Availability
2/50 · Minimal