The following code is vulnerable to an XML injection vulnerability because it
builds an XML string from user input without prior sanitation or validation.
Therefore, an attacker can submit a tainted value that will tamper with the
corresponding XML document structure.