Accessing /Common/PopUps/popDefinition.aspx without providing the id attribute results in a 500 error. Security scan flags this and wants it suppressed. Nothing vulnerable is exposed.
Technically a 400 response would probably be more appropriate here as the request is bad without the ID.
Remedy
Throw a 400 response instead of a 500 response when no ID is provided.
Incidentally, I'd be inclined to log this one as a "we know but it's not worth fixing" if it is any harder than just changing a 5 to a 4 (or whatever the equivalent string values are) in the code.
Accessing
/Common/PopUps/popDefinition.aspx
without providing theid
attribute results in a500
error. Security scan flags this and wants it suppressed. Nothing vulnerable is exposed.Technically a
400
response would probably be more appropriate here as the request is bad without the ID.Remedy
Throw a
400
response instead of a500
response when no ID is provided.