CX Reflected_XSS_All_Clients @ XtremelyEvilWebApp/StealCookies.aspx.cs [master]

**Reflected_XSS_All_Clients** issue exists @ **XtremelyEvilWebApp/StealCookies.aspx.cs** in branch **master**

*Method Page_Load at line 8 of XtremelyEvilWebApp\StealCookies.aspx.cs gets user input for the QueryString_Cookie element. This element&#8217;s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method Page_Load at line 8 of XtremelyEvilWebApp\StealCookies.aspx.cs. This may enable a Cross-Site-Scripting attack.*

Severity: High
CWE:79
[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/79.html)
Lines: [10](https://github.com/Custodela/WebGoat.Net//blob/master/XtremelyEvilWebApp/StealCookies.aspx.cs#L10) 

---
[Code (Line #10):](https://github.com/Custodela/WebGoat.Net//blob/master/XtremelyEvilWebApp/StealCookies.aspx.cs#L10)
```
            var cookie = Request.QueryString["Cookie"];
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX Reflected_XSS_All_Clients @ XtremelyEvilWebApp/StealCookies.aspx.cs [master] #5

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CX Reflected_XSS_All_Clients @ XtremelyEvilWebApp/StealCookies.aspx.cs [master] #5

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions