XSS Via XML Value Processing

XXE is not the only vulnerability that can be introduced into a web application when it processes XML files. If the values within strings are not handled correctly, an attacker may also be able to introduce a cross-site scripting payload that is triggered under any circumstance where the value is returned to a user.
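The sketch below illustrates the point above. It is an added example, not code from the application tested or from the original post. It shows that an XML parser hands back entity-encoded and CDATA-wrapped values as live markup, and that HTML-encoding at the point of output neutralises them. The element names, the sample file and the `render_*` helpers are hypothetical.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample import file (not from the original test). Both values are
# well-formed XML: one uses entity references, the other a CDATA section.
SAMPLE_XML = """<?xml version="1.0"?>
<records>
  <record><name>&lt;script&gt;alert(1)&lt;/script&gt;</name></record>
  <record><name><![CDATA[<script>alert(1)</script>]]></name></record>
  <record><name>Alice &amp; Bob</name></record>
</records>"""


def parse_names(xml_text):
    """Return the text of every <name> element as the parser hands it back."""
    root = ET.fromstring(xml_text)
    # The parser has already decoded entities and unwrapped CDATA here.
    return [el.text or "" for el in root.iter("name")]


def render_unsafe(names):
    """'Before': parsed values are concatenated straight into HTML."""
    return "<ul>" + "".join(f"<li>{n}</li>" for n in names) + "</ul>"


def render_safe(names):
    """'After': every value is HTML-encoded at the point of output."""
    items = "".join(f"<li>{html.escape(n, quote=True)}</li>" for n in names)
    return "<ul>" + items + "</ul>"


if __name__ == "__main__":
    names = parse_names(SAMPLE_XML)
    print(names)                 # decoded values, markup intact
    print(render_unsafe(names))  # markup reaches the page as-is
    print(render_safe(names))    # markup is rendered as inert text
```

Escaping belongs at output rather than at import, because the same stored value may later be rendered in HTML, attribute, or JavaScript contexts that each need their own encoding.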

Let’s take a look at an example of this from a recent web application test.

The application itself allowed an end user to import an XML file from which it returned information to users in other areas of the application at a…