wwesleyalves / WebGoat2


CX Client_DOM_Stored_XSS @ webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js [main] #17

Open wwesleyalves opened 1 year ago

wwesleyalves commented 1 year ago

Client_DOM_Stored_XSS issue exists @ webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js in branch main

The method $.get embeds untrusted data in generated output with innerHTML, at line 38 of webgoat-lessons\client-side-filtering\src\main\resources\js\clientSideFiltering.js. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web page.

Similarity ID: 1309736706

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training

Recommended Fix

Lines: 17

Code (Line #17):

$.get("clientSideFiltering/salaries?userId=" + userId, function (result, status) {

wwesleyalves commented 1 year ago

Issue still exists.

wwesleyalves commented 1 year ago

Issue still exists.

wwesleyalves commented 1 year ago

Issue still exists.

wwesleyalves commented 1 year ago

Issue still exists.