CX Reflected_XSS @ app/routes/contributions.js [master]

**Reflected_XSS** issue exists @ **app/routes/contributions.js** in branch **master**

*Method function at line 9 of app\routes\contributions.js gets user input for the userId element. This element&#8217;s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method contributionsDAO.getByUserId at line 12 of app\routes\contributions.js. This may enable a Cross-Site-Scripting attack.*

Severity: High
CWE:79
[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/79.html)
[Internal Guidance](https://custodela.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance)
Lines: [34](https://github.com/Custodela/NodeGoat//blob/master/app/routes/contributions.js#L34) [10](https://github.com/Custodela/NodeGoat//blob/master/app/routes/contributions.js#L10) 

---
[Code (Line #34):](https://github.com/Custodela/NodeGoat//blob/master/app/routes/contributions.js#L34)
```
        var userId = req.session.userId;
```
---
[Code (Line #10):](https://github.com/Custodela/NodeGoat//blob/master/app/routes/contributions.js#L10)
```
        var userId = req.session.userId;
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX Reflected_XSS @ app/routes/contributions.js [master] #5

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CX Reflected_XSS @ app/routes/contributions.js [master] #5

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions