ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5131/rationale.adoc

11 lines
711 B
Plaintext
Raw Normal View History

[Education] Modify rule S5131: Improve language (#1177)
2022-08-23 16:23:58 +02:00
Reflected cross-site scripting (XSS) occurs in a web application when the application retrieves data like parameters or headers from an incoming HTTP request and inserts it into its HTTP response without first sanitizing it. The most common cause is the insertion of GET parameters.
Education s5131 one file per language (#1002)
2022-05-20 15:31:42 +02:00
SONARSEC-3035 Adapt images of educational rule descriptions (#1010)
2022-05-23 16:39:53 +02:00
// image:common/images/browser.png[]
[Education] Modify rule S5131: Improve language (#1177)
2022-08-23 16:23:58 +02:00
When well-intentioned users open a link to a page that is vulnerable to reflected XSS, they are exposed to attacks that target their own browser.
Education s5131 one file per language (#1002)
2022-05-20 15:31:42 +02:00
SONARSEC-3035 Adapt images of educational rule descriptions (#1010)
2022-05-23 16:39:53 +02:00
A user with malicious intent carefully crafts the link beforehand.
// Here is an example:
Education s5131 one file per language (#1002)
2022-05-20 15:31:42 +02:00
SONARSEC-3035 Adapt images of educational rule descriptions (#1010)
2022-05-23 16:39:53 +02:00
// image:common/images/url.png[]
Education s5131 one file per language (#1002)
2022-05-20 15:31:42 +02:00
After creating this link, the attacker must use phishing techniques to ensure that his target users click on the link.
Reference in New Issue Copy Permalink