Stored_XSS issue exists @ App_Code/DB/SqliteDbProvider.cs in branch master
Method GetEmailByCustomerNumber at line 503 of App_Code\DB\SqliteDbProvider.cs gets data from the database, for the ExecuteScalar element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method btnFind_Click at line 23 of Content\SQLInjectionDiscovery.aspx.cs. This may enable a Stored Cross-Site-Scripting attack.
Stored_XSS issue exists @ App_Code/DB/SqliteDbProvider.cs in branch master
Method GetEmailByCustomerNumber at line 503 of App_Code\DB\SqliteDbProvider.cs gets data from the database, for the ExecuteScalar element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method btnFind_Click at line 23 of Content\SQLInjectionDiscovery.aspx.cs. This may enable a Stored Cross-Site-Scripting attack.
Severity: High
CWE:79
Checkmarx
Lines: 513
Code (Line #513):