CX Stored_XSS @ WebSite/BusinessLogic/Data/BlogEntryRepository.cs [master]

**Stored_XSS** issue exists @ **WebSite/BusinessLogic/Data/BlogEntryRepository.cs** in branch **master**

*Method GetTopBlogEntries at line 34 of WebSite\BusinessLogic\Data\BlogEntryRepository.cs gets data from the database, for the Take element. This element&#8217;s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method Page_Load at line 14 of WebSite\Blog.aspx.cs. This may enable a Stored Cross-Site-Scripting attack.*

Severity: High
CWE:79
[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/79.html)
Lines: [37](https://github.com/Custodela/WebGoat.Net//blob/master/WebSite/BusinessLogic/Data/BlogEntryRepository.cs#L37) 

---
[Code (Line #37):](https://github.com/Custodela/WebGoat.Net//blob/master/WebSite/BusinessLogic/Data/BlogEntryRepository.cs#L37)
```
            var blogEntries = _context.BlogEntries.OrderByDescending(b => b.PostedDate).Skip(StartPosition).Take(NumberOfEntries);
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX Stored_XSS @ WebSite/BusinessLogic/Data/BlogEntryRepository.cs [master] #1

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CX Stored_XSS @ WebSite/BusinessLogic/Data/BlogEntryRepository.cs [master] #1

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions