• This script is possibly vulnerable to XPath Injection attacks.
  
  XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.

• Your script should filter metacharacters from user input.

• • XPath injection in XML databases

• 

• CWE-643

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

• Xpath Injection