Inappropriate_Encoding_for_Output_Context issue exists @ dvwa/includes/dvwaPage.inc.php in branch master
The application uses the htmlspecialchars function, at line 503 of dvwa\includes\dvwaPage.inc.php, to encode user input that was received earlier. However, the encoding function is faulty and does not encode all input properly. The application then sends the partially encoded input to the response web page that is output back to the client. This may enable a Cross-Site Scripting attack.
Severity: Medium
CWE:838
Checkmarx
Lines: 512 511
Code (Line #512):
Code (Line #511):