XPath injections occur in an application when the application retrieves
untrusted data and inserts it into an XML Path (XPath) query without sanitizing
it first.