Description

In the source code the information of some HTTP headers is not being validated, so different values could be injected in order to achieve some XSS attack or compromise the integrity of the stored information.

Impact

Inject potentially dangerous characters into application fields.

Recommendation

Validate on the server side the types of data that are entered into different kind of fields in the application.

Threat

Authorized user from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes