Reflected_XSS_All_Clients issue exists @ WebGoat/Content/PathManipulation.aspx.cs in branch master
Method Page_Load at line 13 of WebGoat\Content\PathManipulation.aspx.cs gets user input for the QueryString_filename element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method Page_Load at line 13 of WebGoat\Content\PathManipulation.aspx.cs. This may enable a Cross-Site-Scripting attack.
Severity: High
CWE: 79
Vulnerability details and guidance
Checkmarx
Lines: 33
Code (Line #33):