Description
CWE: 83 Cross Site Scripting (XSS) in attributes; Examples(replace QUOTE with an actual double quote): ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEalert(1) and ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEjavascript:alert(1)
BadSource: getParameter_Servlet Read data from a querystring using getParameter()
GoodSource: A hardcoded string
BadSink: printlnServlet XSS in img src attribute
Flow Variant: 06 Control flow: if(PRIVATE_STATIC_FINAL_FIVE==5) and if(PRIVATE_STATIC_FINAL_FIVE!=5)
Flaws
Test Suites
Documentation
Have any comments on this test case? Please, send us an email.