CX Client_DOM_Stored_XSS @ src/main/resources/lessons/jwt/js/jwt-voting.js [main]

dimihycks commented 1 year ago

Client_DOM_Stored_XSS issue exists @ src/main/resources/lessons/jwt/js/jwt-voting.js in branch main

The method $.get embeds untrusted data in generated output with append, at line 63 of src\main\resources\lessons\jwt\js\jwt-voting.js. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page.Similarity ID: 1536982501

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training Recommended Fix

Lines: 43

Code (Line #43):

$.get("JWT/votings", function (result, status) {

dimihycks commented 1 year ago

Issue still exists.

dimihycks commented 1 year ago

Issue still exists.

dimihycks / WebGoat

CX Client_DOM_Stored_XSS @ src/main/resources/lessons/jwt/js/jwt-voting.js [main] #11