dimihycks / WebGoat

WebGoat is a deliberately insecure application
https://owasp.org/www-project-webgoat/

CX Client_DOM_Stored_XSS @ src/main/resources/lessons/challenges/js/challenge8.js [main] #8

Closed dimihycks closed 1 year ago

dimihycks commented 1 year ago

Client_DOM_Stored_XSS issue exists @ src/main/resources/lessons/challenges/js/challenge8.js in branch main

*The method $.get embeds untrusted data in generated output with html, at line 18 of src\main\resources\lessons\challenges\js\challenge8.js. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. Similarity ID: -1799296224*

*The method $.get embeds untrusted data in generated output with html, at line 52 of src\main\resources\lessons\challenges\js\challenge8.js. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. Similarity ID: 1145794456*

Severity: High

CWE:79


Lines: 7, 46

Code (Line #7):

```js
$.get("challenge/8/votes/", function (votes) {
```

Code (Line #46):

```js
$.get("challenge/8/vote/" + stars, function (result) {
```

dimihycks commented 1 year ago

Issue still exists.
