...
[Prevention of XPath injection] requires:

- the following characters to be removed (i.e., prohibited) or properly escaped: `< > / ' = "` to prevent straight parameter injection;
- XPath queries should not contain any meta characters (such as `' = * ? //` or similar);
- XSLT expansions should not contain any user input, or if they do, [you should] comprehensively test the existence of the file, and ensure that the files are within the bounds set by the Java 2 Security Policy.
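The guidance above amounts to two controls: keep user data out of the query text entirely by binding it as XPath variables, and, as defense in depth, reject the listed meta characters before they reach any query. The following Java example is added here to show both side by side; it is not code from the CERT guideline or from OWASP. The users document, the method names `vulnerableLogin`, `safeLogin` and `containsForbidden`, and the sample credentials are all constructed for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import javax.xml.xpath.XPathVariableResolver;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class XPathAuth {

    // Constructed sample document standing in for a users file.
    private static final String USERS_XML =
        "<users>"
      + "<user><name>alice</name><password>s3cret</password></user>"
      + "<user><name>bob</name><password>hunter2</password></user>"
      + "</users>";

    // Meta characters the quoted OWASP guidance says must not come from user input.
    private static final String FORBIDDEN = "<>/'=\"*?";

    static Document parse() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Parsing untrusted XML: refuse DOCTYPE so no external entities can be declared.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder()
                  .parse(new ByteArrayInputStream(USERS_XML.getBytes(StandardCharsets.UTF_8)));
    }

    // Noncompliant: user input is concatenated into the expression, so quote and
    // comparison characters in the input change the query's logic.
    static boolean vulnerableLogin(Document doc, String name, String pw)
            throws XPathExpressionException {
        XPath xp = XPathFactory.newInstance().newXPath();
        String expr = "/users/user[name/text()='" + name
                    + "' and password/text()='" + pw + "']";
        NodeList hits = (NodeList) xp.evaluate(expr, doc, XPathConstants.NODESET);
        return hits.getLength() > 0;
    }

    // Compliant: the query text is fixed; user data is bound through XPath
    // variables and is therefore never parsed as XPath syntax.
    static boolean safeLogin(Document doc, final String name, final String pw)
            throws XPathExpressionException {
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setXPathVariableResolver(new XPathVariableResolver() {
            @Override
            public Object resolveVariable(QName var) {
                switch (var.getLocalPart()) {
                    case "name": return name;
                    case "pw":   return pw;
                    default:     return null;
                }
            }
        });
        XPathExpression expr =
            xp.compile("/users/user[name/text()=$name and password/text()=$pw]");
        NodeList hits = (NodeList) expr.evaluate(doc, XPathConstants.NODESET);
        return hits.getLength() > 0;
    }

    // Defense in depth: reject the listed meta characters at the input boundary.
    static boolean containsForbidden(String s) {
        for (char c : s.toCharArray()) {
            if (FORBIDDEN.indexOf(c) >= 0) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse();
        // Constructed input containing the quote and '=' characters from the list above.
        String tainted = "' or '1'='1";
        System.out.println("vulnerable, tainted pw: " + vulnerableLogin(doc, "alice", tainted)); // true: check bypassed
        System.out.println("safe, tainted pw:       " + safeLogin(doc, "alice", tainted));       // false
        System.out.println("safe, correct pw:       " + safeLogin(doc, "alice", "s3cret"));      // true
        System.out.println("rejected by filter:     " + containsForbidden(tainted));             // true
    }
}
```

In the vulnerable variant the `and` binds more tightly than the injected `or`, so the predicate becomes true for every user and the credential check is bypassed; in the compliant variant the same string is compared literally against the `password` element and simply does not match. Escaping would also work, but variable binding removes the need to get the escaping right for every context.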
...
Applicability
Failure to validate user input may result in information disclosure and execution of unprivileged code.
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| IDS52-JG | medium | probable | medium | P8 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Bibliography
[Fortify 2008] "Input Validation and Representation: XML Injection"
[MITRE 2009] CWE-643, "Failure to Sanitize Data within XPath Expressions (aka 'XPath injection')"
[OWASP 2005] "Testing for XPath Injection"
[Sen 2007]
[Sun 2006] "Ensure Data Security"
...