BleDummy1 / DummyRepo2

discovered on asset mail.breachlock.com #125

Closed BleDummy1 closed 2 months ago

BleDummy1 commented 3 months ago

The web application is vulnerable to a non-persistent cross-site scripting (XSS) attack. This vulnerability arises when the website returns some input it receives via a user-supplied parameter (such as a search query) as part of a subsequent response, without sanitizing that input first. As a result, any malicious JavaScript supplied in that parameter is "reflected" back into the user's browser, where it is then executed.

Severity: Medium

CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score: 4.9

Recommendation: Ensure that user input is sanitized (i.e. has HTML/JavaScript removed) before it is included in subsequent responses.