Stored_XSS issue exists @ search.ts in branch main
The method Lambda embeds untrusted data in generated output with json, at line 56 of /routes/search.ts. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the Lambda method with CxArrayParam1, at line 16 of /routes/search.ts. This untrusted data then flows through the code straight to the output web page, without sanitization.
This can enable a Stored Cross-Site Scripting (XSS) attack.
Stored_XSS issue exists @ search.ts in branch main
The method Lambda embeds untrusted data in generated output with json, at line 56 of /routes/search.ts. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the Lambda method with CxArrayParam1, at line 16 of /routes/search.ts. This untrusted data then flows through the code straight to the output web page, without sanitization.
This can enable a Stored Cross-Site Scripting (XSS) attack.
Namespace: westonphillips Repository: CheckmarxOnePOV Repository Url: https://github.com/westonphillips/CheckmarxOnePOV CxAST-Project: westonphillips/CheckmarxOnePOV CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c Branch: main Application: CheckmarxOnePOV Severity: HIGH State: TO_VERIFY Status: RECURRENT CWE: 79 Lines: 16
References Read more