CWE-112 - Missing XML Validation

Weakness Name

Missing XML Validation

Description

The product accepts XML from an untrusted source but does not validate the XML against the proper schema.

Most successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input.

Common Consequences

Related Weaknesses

CWE-20Improper Input ValidationHigh

CWE-1286Improper Validation of Syntactic Correctness of Input