Client_Potential_XSS issue exists @ webgoat-lessons/csrf/src/main/resources/js/csrf-review.js in branch develop
The application's $.get embeds untrusted data in the generated output with append, at line 35 of webgoat-lessons\csrf\src\main\resources\js\csrf-review.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
Severity: Medium
CWE: 79
Lines: 39
Code (Line #39):