You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Reflected Cross Site Scripting in /vulnerabilities/xss.js
Fixability: we don't have available fix now Overview:
Found reflected xss, in the sink function res.send
The parameter req.query.name is most likely controlled by users and can be injected by exploits like this:- req.query.name = <script>alert(document.cookie)</script> req.query.name = <img src=/ onerror=alert(document.cookie)
Fix
Validate user parameter req.query.name in line 4 to be safe from javascript code that used by function res.send.
ghost
closed this as
Reflected Cross Site Scripting in /vulnerabilities/xss.js
Fixability: we don't have available fix now
Overview:
Found reflected xss, in the sink function
res.sendThe parameter
req.query.nameis most likely controlled by users and can be injected by exploits like this:-req.query.name=<script>alert(document.cookie)</script>req.query.name=<img src=/ onerror=alert(document.cookie)Fix
req.query.namein line 4 to be safe from javascript code that used by functionres.send.crazy-vulnerable-nodejs-application/vulnerabilities/xss.js
Line 4 in 0f98947
refrence id: 253715876755738992
What do you want me to do next?
details
@shieldfy detailsignore
@shieldfy ignore?The text was updated successfully, but these errors were encountered: