Heuristic_Stored_XSS issue exists @ WebGoatCoins/ForgotPassword.aspx.cs in branch master
Method ButtonCheckEmail_Click at line 26 of WebGoatCoins\ForgotPassword.aspx.cs gets data from the database, for the GetSecurityQuestionAndAnswer element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method ButtonCheckEmail_Click at line 26 of WebGoatCoins\ForgotPassword.aspx.cs. This may enable a Stored Cross-Site-Scripting attack.
Heuristic_Stored_XSS issue exists @ WebGoatCoins/ForgotPassword.aspx.cs in branch master
Method ButtonCheckEmail_Click at line 26 of WebGoatCoins\ForgotPassword.aspx.cs gets data from the database, for the GetSecurityQuestionAndAnswer element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method ButtonCheckEmail_Click at line 26 of WebGoatCoins\ForgotPassword.aspx.cs. This may enable a Stored Cross-Site-Scripting attack.
Severity: Low
CWE:79
Checkmarx
Lines: 32
Code (Line #32):