XML Injection Vulnerability in codehaus-plexus

XML Injection Vulnerability in codehaus-plexus

CVE-2022-4245 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

Learn more about our Web Application Penetration Testing UK.