trevorghess / movie-database

CWE-79 found in code base - not a real issue #6

Open trevorghess opened 1 year ago

trevorghess commented 1 year ago

Untrusted user input in the response will result in a reflected cross site scripting vulnerability.

secure-code-warrior-for-github[bot] commented 1 year ago

Micro-Learning Topic: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE 79)

Matched on "CWE-79"

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Micro-Learning Topic: Cross-site scripting (Detected by phrase)

Matched on "cross site scripting"

Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.

Micro-Learning Topic: Reflected cross-site scripting (Detected by phrase)

Matched on "reflected cross site scripting"

Reflected cross-site scripting vulnerabilities occur when unescaped input is displayed in the resulting page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.
