CX Client_DOM_Stored_XSS @ src/main/resources/lessons/csrf/js/csrf-review.js [main]

[dimihycks]

Client_DOM_Stored_XSS issue exists @ src/main/resources/lessons/csrf/js/csrf-review.js in branch main

The method $.get embeds untrusted data in generated output with append, at line 41 of src\main\resources\lessons\csrf\js\csrf-review.js. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page.Similarity ID: -18618495

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training Recommended Fix

Lines: 35

---

Code (Line #35):

$.get('csrf/review', function (result, status) {

---

[dimihycks]

Issue still exists.

[dimihycks]

Issue still exists.