Reflected cross-site scripting (XSS)
Description
The web application dynamically generates web content without validating the source of the potentially untrusted data.
Impact
Generate web pages that could contain malicious scripts injected through untrusted data.
Recommendation
Perform input data validation on the server side to avoid common script injection attacks.
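The following added example (not code from this page or from any rule listed below) contrasts a handler that reflects a request value unchanged with one that validates it on the server side and HTML-encodes it at output. The parameter name `q`, the function names and the `MAX_LEN` limit are assumptions made for illustration.

```python
import html

MAX_LEN = 100  # assumed limit for this example


def render_unsafe(q):
    # Vulnerable pattern: request data is concatenated into HTML as-is.
    return "<p>Results for: " + q + "</p>"


def validate_query(q):
    # Server-side validation: type, length, and no control characters.
    if not isinstance(q, str) or not 0 < len(q) <= MAX_LEN:
        raise ValueError("query missing or too long")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in q):
        raise ValueError("control character in query")
    return q


def render_safe(q):
    # Validate first, then HTML-encode at the point of output so any
    # markup characters that pass validation are rendered as text.
    return "<p>Results for: " + html.escape(validate_query(q), quote=True) + "</p>"


def handle_search(params):
    # Hypothetical handler: params is the parsed query string as a dict.
    try:
        return 200, render_safe(params.get("q", ""))
    except ValueError:
        return 400, "<p>Invalid search query.</p>"


# Constructed sample request values (not taken from real traffic).
SAMPLES = ["firewall rules", "<script>alert(1)</script>", "a" * 500]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(handle_search({"q": sample}))
```

`html.escape` covers HTML element and quoted-attribute contexts only; values placed in JavaScript, CSS or URL contexts need the encoder for that context.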
Threat
Authenticated attacker from the Internet.
Expected Remediation Time
⏱️ 45 minutes.
Rules
Go User Input As Safe Type
Typescript Client Css Injection
Php Reflected Xss Unsanitized Echo
Javascript Insecure Sce Configuration
Java Reflected Xss Header Unsanitized
Ruby Reflected Xss User Input
Php Unescaped Blade Xss
C Sharp Request Validation Disabled
Java Spring Mvc Css Injection
Swift Deprecated Webview Usage
Typescript Unsafe Input Resource Injection
Swift Webview Xss Injection
Ruby Xss In Raw Helper
Kotlin Reflected Xss Unsanitized Input
C Sharp User Input In Content
Ruby Xss Insecure Html Safe
C Sharp Unvalidated Output In Response
Scala User Input Reflected Xss
Javascript Client Css Injection
Python Flask Reflected Xss
Dart Xss From Webview Injection
Javascript Unsafe Input Resource Injection
Python Django Reflected Xss
C Sharp User Input Generate Improper Output
C Sharp Reflected Xss Request Form