cwe-79
trevorghess commented
test plaintext passwords
secure-code-warrior-for-github commented
Micro-Learning Topic: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE 79)
Matched on "cwe-79"
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Try a challenge in Secure Code Warrior
Helpful references
- Prevent Cross-Site Scripting (XSS) in ASP.NET Core - A detailed Microsoft article on how to prevent cross-site scripting in ASP.NET Core.
- OWASP Cross Site Scripting (XSS) Software Attack - OWASP community page with comprehensive information about cross site scripting, and links to various OWASP resources to help detect or prevent it.
- OWASP Cross Site Scripting Prevention Cheat Sheet - This article provides a simple positive model for preventing XSS using output encoding properly.