JillThibodeau / hello-world

Repository for demo

XSS #5

Open JillThibodeau opened 3 years ago

JillThibodeau commented 3 years ago

Please use training to fix cross-site scripting flaw

secure-code-warrior-for-github[bot] commented 3 years ago

Micro-Learning Topic: Reflected Cross-Site Scripting (Detected by phrase)

Reflected cross-site scripting vulnerabilities occur when unescaped input is displayed in the resulting page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.

Find the instances in the application where external input is displayed to users. Try to trace each value all the way from input to display and work out if any escaping or encoding is applied to prevent these values from being treated as raw HTML or script once it is written to the page. Pay special attention to the context of where the values are being written into a page as different contexts may have different encoding requirements. For example, a value written into a HTML tag attribute will require different encoding to a value written into a HTML tag value.

Level-up your secure coding prowess with language and framework specific gamified training.

Thank you for participating in Secure Code Warrior Private Labs. Labs is where our more courageous warriors can play around with early releases of our new and exciting features.
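
The context-specific encoding point from the micro-learning text above, as an added example that is not part of the original issue, the repository, or the bot's comment. All function names and the sample input are constructed for illustration; it compares an unescaped reflection, a text encoder misapplied to an attribute, and the encoder matched to each context.

```javascript
// Encode for HTML element content (text between tags).
function encodeForHtmlText(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Encode for a quoted HTML attribute value: every non-alphanumeric
// character becomes a numeric entity, so quotes, spaces and angle
// brackets cannot end the attribute early.
function encodeForHtmlAttribute(value) {
  return Array.from(String(value), (ch) =>
    /[A-Za-z0-9]/.test(ch) ? ch : `&#x${ch.codePointAt(0).toString(16)};`
  ).join("");
}

// Flawed: the request value is written to the page unescaped.
function renderSearchUnsafe(query) {
  return `<input name="q" value="${query}"><p>Results for ${query}</p>`;
}

// Still flawed: the element-content encoder is used in an attribute,
// where the double quote it leaves untouched is the delimiter.
function renderSearchWrongContext(query) {
  return `<input name="q" value="${encodeForHtmlText(query)}">`;
}

// Hardened: each sink gets the encoder for its own context.
function renderSearchSafe(query) {
  return `<input name="q" value="${encodeForHtmlAttribute(query)}">` +
         `<p>Results for ${encodeForHtmlText(query)}</p>`;
}

// Check helper: attribute names present on the rendered <input> tag.
function inputAttributeNames(html) {
  const tag = /<input([^>]*)>/.exec(html);
  return tag ? Array.from(tag[1].matchAll(/\s([a-zA-Z-]+)=/g), (m) => m[1]) : [];
}

// Constructed sample input containing an attribute delimiter.
const sample = `" onfocus="alert(1)`;

console.log(inputAttributeNames(renderSearchUnsafe(sample)));       // extra attribute
console.log(inputAttributeNames(renderSearchWrongContext(sample))); // extra attribute
console.log(inputAttributeNames(renderSearchSafe(sample)));         // name, value only
```
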