OWASP Periodic Table of Vulnerabilities - Routing Detour
Root Cause Summary
This is a man-in-the-middle attack in which (XML) content processors can be injected to route sensitive information to an attacker-controlled outside location. The attacker can modify the contents of the package and send it back to the original processor, which is unaware of the modifications.
Browser / Standards Solution
Use SSL/TLS for connections between all trusted locations, and verify each host.
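One way to apply this in Python, as an added example that is not part of the original page: build a TLS client context that verifies each host, and refuse any routing hop that is not HTTPS or not on a list of trusted locations. The allowlist, host names, sample route and function names are constructed assumptions, and the hop URLs are assumed to have already been extracted from the message.

```python
import ssl
from urllib.parse import urlsplit

# Constructed allowlist of trusted processing locations (assumption).
TRUSTED_HOPS = {"gateway.example.internal", "billing.example.internal"}

# Constructed route, as already extracted from a message's routing data.
SAMPLE_ROUTE = [
    "https://gateway.example.internal/soap",
    "http://billing.example.internal/soap",   # trusted host, but no TLS
    "https://collector.example.net/in",       # host not on the allowlist
]


def hop_tls_context(ca_file=None):
    """Client context for one hop: verifies the certificate chain and hostname."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # already the default; made explicit
    ctx.check_hostname = True            # reject certificates for another host
    return ctx


def check_route(hops, trusted=TRUSTED_HOPS):
    """Return (hop, reason) for every hop that must not receive the message."""
    rejected = []
    for hop in hops:
        try:
            parts = urlsplit(hop)
        except ValueError:
            rejected.append((hop, "malformed URL"))
            continue
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            rejected.append((hop, "not TLS"))
        elif host not in trusted:
            rejected.append((hop, "untrusted host"))
    return rejected


if __name__ == "__main__":
    for hop, reason in check_route(SAMPLE_ROUTE):
        print(f"refusing to forward to {hop}: {reason}")
```

Connections to hops that pass the check should be opened with the context from hop_tls_context(), so that a certificate issued for a different host fails the handshake.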
Generic Framework Solution
Custom Framework Solution
Custom Code Solution
Discussion / Controversy
This is actually a type of attack and not a vulnerability.