The product processes an XML document that can contain XML
entities with URLs that resolve to documents outside of the intended sphere of
control, causing the product to embed incorrect documents into its
The software constructs all or part of a code segment using
externally-influenced input from an upstream component, but it does not
neutralize or incorrectly neutralizes special elements that could modify the
syntax or behavior of the intended code segment.