rspec/rules/S5131/summary.adoc
2023-03-02 18:07:54 +01:00

This vulnerability makes it possible to temporarily execute JavaScript code in the context of the application, granting access to the session of the victim. This is possible because user-provided data, such as URL parameters, are copied into the HTML body of the HTTP response that is sent back to the user.
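
The behaviour described above, as an added example that is not part of the rule description or the repository's own code: a page renderer that copies a URL parameter into the HTML body, next to a version that encodes it for the HTML context. The function names, the `q` parameter and the sample request are assumptions made for illustration.

```javascript
// Added example: hypothetical handlers, not code from the rule repository.

// Characters that can change the parsing context in HTML element content
// and in quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  // Single pass, so already-produced entities are never escaped twice.
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read one query parameter from a request URL (a relative URL needs a base).
function queryParam(requestUrl, name) {
  const value = new URL(requestUrl, "http://localhost").searchParams.get(name);
  return value === null ? "" : value;
}

// Vulnerable: the user-provided parameter is copied verbatim into the body.
function renderSearchVulnerable(requestUrl) {
  const q = queryParam(requestUrl, "q");
  return `<!doctype html><html><body><p>Results for: ${q}</p></body></html>`;
}

// Hardened: same page, with the parameter encoded before it reaches the body.
function renderSearchHardened(requestUrl) {
  const q = queryParam(requestUrl, "q");
  return `<!doctype html><html><body><p>Results for: ${escapeHtml(q)}</p></body></html>`;
}

// True when the response contains a live script element.
function reflectsMarkup(html) {
  return /<script\b/i.test(html);
}

// Constructed sample request, as a browser would send it (percent-encoded).
const SAMPLE_URL = "/search?q=" + encodeURIComponent("<script>alert(1)</script>");

console.log("vulnerable:", renderSearchVulnerable(SAMPLE_URL));
console.log("hardened:  ", renderSearchHardened(SAMPLE_URL));
```

The encoding shown is for HTML element content; a value placed in a script block, a URL or a style attribute needs the encoding of that context instead.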