CWE: 80 Cross Site Scripting (XSS) BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 07 Control flow: if(private_five==5) and if(private_five!=5)

CWE: 80 Cross Site Scripting (XSS) BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 06 Control flow: if(private_final_five==5) and if(private_final_five!=5)

CWE: 80 Cross Site Scripting (XSS) BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 05 Control flow: if(private_t) and if(private_f)

CWE: 80 Cross Site Scripting (XSS) BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 04 Control flow: if(private_final_t) and if(private_final_f)

CWE: 80 Cross Site Scripting (XSS) BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 80 Cross Site Scripting (XSS) BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 02 Control flow: if(true) and if(false)

CWE: 80 Cross Site Scripting (XSS) BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 01 Baseline

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 71 Data flow: data passed as an Object reference argument from one method to anot...

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 68 Data flow: data passed as a member variable in the "a" class, which is used by a method...

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 67 Data flow: data passed in a class from one method to another in different sour...

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 66 Data flow: data passed in an array from one method to another in different sou...

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 61 Data flow: data returned from one method to another in different classes in th...

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 54 Data flow: data passed as an argument from one method through three others to ...

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 53 Data flow: data passed as an argument from one method through two others to a ...

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 53 Data flow: data passed as an argument from one method to another to another in...

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 52 Data flow: data passed as an argument from one method to another to another in...

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 51 Data flow: data passed as an argument from one function to another in different classes...

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 45 Data flow: data passed as a private class member variable from one function to...

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 42 Data flow: data returned from one method to another in the same class

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 41 Data flow: data passed as an argument from one method to another in the same class

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 31 Data flow: make a copy of data within the same method

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 19 Control flow: Dead code after an if(true) return

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 17 Control flow: for loops

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 16 Control flow: while(true) and while(local_f)

CWE: 80 Cross Site Scripting (XSS) BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 15 Control flow: switch(6)