Test case 2170

Type: source code
State: bad
Author: Sue Wang
Status: accepted
Language: Java
Submission Date: 30 Apr 2010

Description

This code demos the Reflected XSS (or Non-Persistent) ==> "Scope Bad Case". The servlet reads the user input from the HTTP request and directly reflects the user input back into the HTTP response.

Flaws

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Have any comments on this test case? Please, send us an email.