dimihycks / WebGoat

WebGoat is a deliberately insecure application
https://owasp.org/www-project-webgoat/

CX Client_DOM_Stored_XSS @ src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js [main] #29

Closed dimihycks closed 1 year ago

dimihycks commented 1 year ago

Client_DOM_Stored_XSS issue exists @ src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js in branch main

The method $.get embeds untrusted data in generated output with html, at line 57 of src\main\resources\webgoat\static\js\goatApp\support\GoatUtils.js. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web page. Similarity ID: -520515239

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training Recommended Fix

Lines: 56

Code (Line #56):

$.get(goatConstants.cookieService, {}, function(reply) {

dimihycks commented 1 year ago

Issue still exists.

dimihycks commented 1 year ago

Issue still exists.