kmcdon83 / DVWA

Damn Vulnerable Web Application (DVWA)
http://dvwa.co.uk
GNU General Public License v3.0

CX Reflected_XSS_All_Clients @ vulnerabilities/csp/source/jsonp.php [master] #11

Open ghost opened 4 years ago

ghost commented 4 years ago

Reflected_XSS_All_Clients issue exists @ vulnerabilities/csp/source/jsonp.php in branch master

Method <?php at line 1 of vulnerabilities\csp\source\jsonp.php gets user input for the _GET element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method <?php at line 1 of vulnerabilities\csp\source\jsonp.php. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 5
Code (Line #5):

    $callback = $_GET['callback'];

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.