Vulnerability

OSSINDEX-d093-0e6b-3210

CVSS Score

Unscored

CVSS Vector

Not Recorded

CWE

Not Recorded

Description

Possible XML Injection

> `org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment(XMLWriter, String, int, int, int)` does not check if the comment includes a `"-->"` sequence. This means that text contained in the command string could be interpreted as XML, possibly leading to XML injection issues, depending on how this method is being called. > > -- [github.com](https://github.com/codehaus-plexus/plexus-utils/issues/3)

Sign in and get help with:

  • Vulnerability details for your components
  • Affected components
  • Affected versions