mariana-bteixeira / python-mini-projects

A collection of simple python mini projects to enhance your python skills
https://python-world.github.io/python-mini-projects/#/
MIT License

CX Stored_XSS @ projects/Todo_app/app.py [master] #19

Open mariana-bteixeira opened 9 months ago

mariana-bteixeira commented 9 months ago

Stored_XSS issue exists @ projects/Todo_app/app.py in branch master

The method %} embeds untrusted data in generated output with task, at line 50 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the index method with all, at line 33 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: 382715550

The method %} embeds untrusted data in generated output with task, at line 51 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the index method with all, at line 33 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: 2108549193

The method %} embeds untrusted data in generated output with task, at line 55 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the index method with all, at line 33 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: 382715550

The method %} embeds untrusted data in generated output with task, at line 56 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the index method with all, at line 33 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: 2108549193

The method %} embeds untrusted data in generated output with task, at line 50 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the update method with all, at line 60 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: -7340600

The method %} embeds untrusted data in generated output with task, at line 51 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the update method with all, at line 60 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: 926743795

The method %} embeds untrusted data in generated output with task, at line 55 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the update method with all, at line 60 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: -7340600

The method %} embeds untrusted data in generated output with task, at line 56 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the update method with all, at line 60 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: 926743795

Severity: High

CWE:79

Vulnerability details and guidance: Internal Guidance | Checkmarx | Training | Recommended Fix

Lines: 33, 60

Code (Line #33):

```python
# projects\Todo_app\app.py, line 33 (index method): reads all stored tasks
tasks = Todo.query.order_by(Todo.pub_date).all()
```

Code (Line #60):

```python
# projects\Todo_app\app.py, line 60 (update method): reads all stored tasks
tasks = Todo.query.order_by(Todo.pub_date).all()
```

mariana-bteixeira commented 9 months ago

Issue still exists.