CX Reflected_XSS_All_Clients @ XtremelyEvilWebApp/StealCookies.aspx.cs [master] #5

@kmcdon83

Reflected_XSS_All_Clients issue exists @ XtremelyEvilWebApp/StealCookies.aspx.cs in branch master

Method Page_Load at line 8 of XtremelyEvilWebApp\StealCookies.aspx.cs gets user input for the QueryString_Cookie element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method Page_Load at line 8 of XtremelyEvilWebApp\StealCookies.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High
CWE:79
Vulnerability details and guidance
Lines: 10


Code (Line #10):

            var cookie = Request.QueryString["Cookie"];
