
dtCookie parameter directly controlled by user input

deepaksharma1
Newcomer

It was observed that the dtCookie parameter for one script tag page is directly controlled by user input.

For example: An attacker who can control the reference location to a JavaScript source file can load a script of their choice into an application.

Recommendation: It is recommended that the script properly sanitize user input and not allow user input to control script source location references.


1 REPLY

I think you are talking about storing the user action name in the cookie, which sometimes corresponds to what was in the user input, yes?

Sebastian