itkaa / webgoat

Webgoat for CI/CD test setups

example fix #2

Closed itkaa closed 3 years ago

itkaa commented 3 years ago

some fix

secure-code-warrior-for-github[bot] commented 3 years ago

Based on output from pull request status check:

Micro-Learning Topic: Cross-site scripting (Detected by phrase)

What is this? (2min video)

Reflected cross-site scripting vulnerabilities occur when unescaped input is displayed in the resulting page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.

Try this challenge in Secure Code Warrior

Micro-Learning Topic: SQL injection (Detected by phrase)

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high-profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker who exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Try this challenge in Secure Code Warrior