search

dimihycks / WebGoat

WebGoat is a deliberately insecure application
https://owasp.org/www-project-webgoat/
Other
0 stars 0 forks source link

CX Client_DOM_Stored_XSS @ src/main/resources/lessons/sqlinjection/js/assignment13.js [main] #30

Closed dimihycks closed 1 year ago

dimihycks commented 1 year ago

Client_DOM_Stored_XSS issue exists @ src/main/resources/lessons/sqlinjection/js/assignment13.js in branch main

The method $.get embeds untrusted data in generated output with append, at line 57 of src\main\resources\lessons\sqlinjection\js\assignment13.js. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page.Similarity ID: 1637490224

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training Recommended Fix

Lines: 43

Code (Line #43):

$.get("SqlInjectionMitigations/servers?column=" + column, function (result, status) {
dimihycks commented 1 year ago

Issue still exists.

dimihycks commented 1 year ago

Issue still exists.