You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Description: The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Name: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Due Date: 2022-10-08
A medium severity vulnerability has been discovered in your project.
Project Name: twrap-go
Scanner Name: nessuspro
Cwe ID: 79
Cwe Name: Improper Neutralization of Input During Web Page Generation (Cross Site Scripting)
Cwe Link: https://cwe.mitre.org/data/definitions/79.html
Target: - : 443
CVE: CVE-1999-0524
Service: www
Exploitable: true
Protocol: http
Training(Secure Code Warrior):
Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/xss
Videos:
Name: Improper Encoding or Escaping of Output
Description: The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/injection
Videos:
Name: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/xss
Videos:
Tool Description: might be harmful, better be cautious
Custom Description: test
Kondukto Link: http://79.kondukto.local/projects/634fe837a5be8478724352c4/vulns/infra?page=1&perPage=15&id=in:6358e1cf7d677763b16b6e9f
Deeplink:
The text was updated successfully, but these errors were encountered: