Python Flask Reflected XSS
Description
Detects potential Reflected Cross-Site Scripting (XSS) vulnerabilities in Flask applications where user input could be returned unescaped in HTTP responses. This allows attackers to inject malicious scripts that execute in users' browsers when the response is rendered.
Detection Strategy
• Check if Flask framework is imported in the codebase
• Identify Flask route handler functions (decorated with @route)
• Within route handlers, locate return statements that may contain unescaped user input
• Report vulnerability if the route handler returns content without proper HTML escaping or sanitization
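The four steps above map directly onto a small static check. The following is an added example written for this page, not Fluid Attacks' own detector: it uses only the standard-library ast module, treats request.args / request.form and similar attributes as the taint sources, treats any call named escape (markupsafe.escape, html.escape, Markup.escape) as the sanitizer, and reports every return statement in a @route-decorated handler that reflects unescaped input. The three handler snippets it analyses are constructed inline for the demonstration; the third one (escaping at assignment time rather than at the return) goes slightly beyond the page's two examples to show why the taint tracking has to look at assignments, not just returns.

```python
import ast

# Constructed sample inputs (not taken from any real project): the page's vulnerable
# handler, its escaped counterpart, and a handler that escapes at assignment time.
VULNERABLE_SRC = '''
from flask import Flask, request
app = Flask(__name__)

@app.route('/vuln')
def vuln():
    user = request.args.get('user')
    return f"<html><body>Hello {user}</body></html>"
'''

SECURE_SRC = '''
from flask import Flask, request
from markupsafe import escape
app = Flask(__name__)

@app.route('/safe')
def safe():
    user = request.args.get('user', '')
    return f"<html><body>Hello {escape(user)}</body></html>"

@app.route('/safe_at_assign')
def safe_at_assign():
    name = escape(request.args.get('user', ''))
    return "<p>" + name + "</p>"
'''

# request.<attr> accesses treated as attacker-controlled input (assumed list).
TAINT_SOURCES = {"args", "form", "values", "cookies", "headers", "data", "json"}
# Call names treated as HTML escaping: markupsafe.escape, html.escape, Markup.escape.
SANITIZERS = {"escape"}


def imports_flask(tree):
    """Step 1: is the flask package imported anywhere in the module?"""
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            if any(alias.name.split(".")[0] == "flask" for alias in node.names):
                return True
        elif isinstance(node, ast.ImportFrom):
            if node.module and node.module.split(".")[0] == "flask":
                return True
    return False


def is_route_handler(func):
    """Step 2: a function decorated with @<app>.route(...) or @route(...)."""
    for dec in func.decorator_list:
        target = dec.func if isinstance(dec, ast.Call) else dec
        if isinstance(target, ast.Attribute) and target.attr == "route":
            return True
        if isinstance(target, ast.Name) and target.id == "route":
            return True
    return False


def is_request_source(node):
    """request.args, request.form, ... appearing as an attribute access."""
    return (isinstance(node, ast.Attribute)
            and isinstance(node.value, ast.Name)
            and node.value.id == "request"
            and node.attr in TAINT_SOURCES)


def call_name(func):
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def has_unescaped_taint(node, tainted):
    """True if an expression reaches user input without passing through a sanitizer."""
    if isinstance(node, ast.Call) and call_name(node.func) in SANITIZERS:
        return False  # everything inside escape(...) is considered sanitized
    if isinstance(node, ast.Name) and node.id in tainted:
        return True
    if is_request_source(node):
        return True
    return any(has_unescaped_taint(child, tainted) for child in ast.iter_child_nodes(node))


def tainted_names(func):
    """Local names assigned from request input that was not escaped at assignment."""
    names = set()
    for node in ast.walk(func):
        if isinstance(node, ast.Assign) and has_unescaped_taint(node.value, names):
            names.update(t.id for t in node.targets if isinstance(t, ast.Name))
    return names


def find_reflected_xss(source):
    """Steps 3-4: (handler name, line) for every return that reflects unescaped input."""
    tree = ast.parse(source)
    if not imports_flask(tree):
        return []
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)) and is_route_handler(node):
            tainted = tainted_names(node)
            for ret in ast.walk(node):
                if (isinstance(ret, ast.Return) and ret.value is not None
                        and has_unescaped_taint(ret.value, tainted)):
                    findings.append((node.name, ret.lineno))
    return findings


if __name__ == "__main__":
    print("vulnerable:", find_reflected_xss(VULNERABLE_SRC))  # [('vuln', 8)]
    print("secure:", find_reflected_xss(SECURE_SRC))          # []
```

The check is deliberately syntactic: it sees f-strings, concatenation and .format() because all of them are just child nodes of the return expression, but it does not follow data across function calls or into templates, and it treats any function named escape as sufficient. A real rule needs to add the framework's other escaping paths (Jinja autoescaping via render_template for .html templates, Markup) to avoid false positives, and to treat render_template_string with interpolated input as a separate, worse finding.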
Vulnerable code example
from flask import Flask, request

app = Flask(__name__)

@app.route('/vuln')
def vuln():
    user = request.args.get('user')
    return f"<html><body>Hello {user}</body></html>"  # Vulnerable: direct user input interpolation enables XSS

Secure code example
from flask import Flask, request
from markupsafe import escape  # Import escape for HTML escaping

app = Flask(__name__)

@app.route('/vuln')
def vuln():
    user = request.args.get('user', '')  # Add default empty string
    return f"<html><body>Hello {escape(user)}</body></html>"  # Escaped before interpolation: HTML metacharacters in user are neutralized