Due Date: 2022-10-08
A medium severity vulnerability has been discovered in your project.
Project Name: twrap-go
Scanner Name: nessuspro
Cwe ID: 79
Cwe Name: Improper Neutralization of Input During Web Page Generation (Cross Site Scripting)
Cwe Link: https://cwe.mitre.org/data/definitions/79.html
Target: - : 443
CVE: CVE-1999-0524
Service: www
Exploitable: true
Protocol: http
Training (Secure Code Warrior):
Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/xss
Videos:
Name: Improper Encoding or Escaping of Output
Description: The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/injection
Videos:
Name: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/xss
Videos:
Tool Description: might be harmful, better be cautious
Custom Description: test
Kondukto Link: http://79.kondukto.local/projects/634fe837a5be8478724352c4/vulns/infra?page=1&perPage=15&id=in:6358e1cf7d677763b16b6e9f
Deeplink: