CX Cookie_Injection @ WebGoatCoins/CustomerLogin.aspx.cs [master]

jbruinaud / WebGoatNet

WebGoat .Net for demos

0 stars 0 forks source link

CX Cookie_Injection @ WebGoatCoins/CustomerLogin.aspx.cs [master] #109

Open jbruinaud opened 4 years ago

jbruinaud commented 4 years ago

Cookie_Injection issue exists @ WebGoatCoins/CustomerLogin.aspx.cs in branch master

The input Text retrieved by ButtonLogOn_Click in WebGoatCoins\CustomerLogin.aspx.cs at line 31 does not properly sanitize the input before setting it in a cookie using ButtonLogOn_Click at WebGoatCoins\CustomerLogin.aspx.cs in line 31.

Severity: Medium

CWE:20

Checkmarx

Lines: 33

Code (Line #33):

            string email = txtUserName.Text;

jbruinaud commented 4 years ago

Issue still exists.

SUMMARY

Issue has total 1 vulnerabilities left to be fix (Please scroll to the top for more information)