WhiteSource SAST Security Report for Cross-site Scripting (CWE 79)
Latest Scan: 2022-03-02 07:30pm
New Vulnerabilities: 0
Total Vulnerabilities: 1
Scan URL:WhiteSource SAST
Vulnerability Description
Cross Site Scripting (XSS) vulnerability occurs when an application either does not perform or it performs incorrect neutralization (sanitization) of input data that is included in a web application response. As the result, an attacker is able to inject and execute arbitrary HTML and script code in a user's browser within the context of the vulnerable website. These attacks are often used to steal authentication credentials (e.g. session IDs in cookies). Depending on the vulnerability and the web application, it is also possible to completely alter the web page itself or control the victim's browser
WhiteSource SAST Security Report for Cross-site Scripting (CWE 79)
Latest Scan: 2022-03-02 07:30pm New Vulnerabilities: 0 Total Vulnerabilities: 1 Scan URL: WhiteSource SAST
Vulnerability Description
Cross Site Scripting (XSS) vulnerability occurs when an application either does not perform or it performs incorrect neutralization (sanitization) of input data that is included in a web application response. As the result, an attacker is able to inject and execute arbitrary HTML and script code in a user's browser within the context of the vulnerable website. These attacks are often used to steal authentication credentials (e.g. session IDs in cookies). Depending on the vulnerability and the web application, it is also possible to completely alter the web page itself or control the victim's browser
Compliance Standard Violations
Vulnerabilities
Details
java/org/owasp/webgoat/xxe/Ping.java:55
### Snippet ```Java File logFile = new File(webGoatHomeDirectory, "/XXE/log" + webSession.getUserName() + ".txt"); try { try (PrintWriter pw = new PrintWriter(logFile)) { pw.println(logLine); } ```Suppress Vulnerability
### Remediation RecommondationsSuppressed Vulnerabilities
None