Details
Alert ID 90029
Alert Type Active
Status beta
Risk High
CWE
WASC
Technologies Targeted All
Tags OWASP_2017_A01
OWASP_2021_A03
POLICY_API
POLICY_DEV_CICD
POLICY_DEV_FULL
POLICY_DEV_STD
POLICY_PENTEST
POLICY_QA_FULL
POLICY_QA_STD
POLICY_SEQUENCE
More Info Scan Rule Help

Summary

Some XML injected code has been interpreted by the server.

Solution

Use a detailed description of SOAP attributes in the WSDL file.

Other Info

Some XML injected code has been interpreted by the server.

References

Code

org/zaproxy/zap/extension/soap/SOAPXMLInjectionActiveScanRule.java