
Injection: Stored Improper Input Validation Injection

Identifier: improper_input_stored

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner

Description

This vulnerability occurs when an application persists user input (typically in a database) without validating it on the server, and later reads that stored data back and renders or interprets it in another user's context. Unlike a reflected injection, the attacker only has to submit the payload once: it is saved, and it takes effect every time the stored record is displayed, which is what makes it a stored injection. Depending on where the stored value ends up (an HTML page, a template, another interpreter), this lets an attacker run code in other users' browsers, steal sensitive information, or hijack their sessions. The usual root causes are validation that exists only on the client, which an attacker bypasses by sending the request directly to the API, and the absence of context-appropriate output encoding at the point where the stored data is used. Note that input validation alone is not a sufficient fix: data that is legitimate at write time can still be dangerous in the context where it is rendered, so the stored value must be encoded for that context on output. Left unaddressed, the issue compromises user data, erodes trust, and serves as a foothold for more severe attacks against the application.
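The following is an added illustration, not code from the scanner or from this page: a constructed comment board with an in-memory list standing in for the database, a vulnerable store-and-render path beside a hardened one, and a store-then-read probe of the kind a stored-injection test performs (the probe is an assumed simplification of that pattern, not the scanner's own logic). The four store/render combinations show why server-side validation and output encoding are separate controls: rejecting bad input stops nothing once a well-formed comment body contains markup, while encoding on output neutralises the stored payload regardless of how it got in.

```python
import html
import re
import secrets


class CommentBoard:
    """Constructed stand-in for an application with a persistence layer."""

    AUTHOR_RE = re.compile(r"^[A-Za-z0-9 _.-]{1,40}$")
    MAX_BODY = 2000

    def __init__(self) -> None:
        self.db: list[dict] = []  # the "database" rows

    # --- vulnerable path: no validation on write, raw interpolation on read ---

    def store_vulnerable(self, author: str, body: str) -> int:
        """Persist input exactly as received (client-side checks assumed)."""
        self.db.append({"author": author, "body": body})
        return len(self.db) - 1

    def render_vulnerable(self) -> str:
        """Stored data lands in the HTML verbatim, so markup in a comment executes."""
        rows = "".join(f"<li><b>{c['author']}</b>: {c['body']}</li>" for c in self.db)
        return f"<ul>{rows}</ul>"

    # --- hardened path: validate on write, encode for the HTML context on read ---

    def store_hardened(self, author: str, body: str) -> int:
        """Validate on the server before persisting; reject rather than 'clean'."""
        if not self.AUTHOR_RE.fullmatch(author):
            raise ValueError("author: letters, digits, space, '_', '.', '-' only (1-40 chars)")
        if not 1 <= len(body) <= self.MAX_BODY:
            raise ValueError(f"body: 1-{self.MAX_BODY} characters")
        if any(ord(ch) < 0x20 and ch not in "\n\t" for ch in body):
            raise ValueError("body: control characters not allowed")
        self.db.append({"author": author, "body": body})
        return len(self.db) - 1

    def render_hardened(self) -> str:
        """Encode every stored field for the HTML element context at output time."""
        rows = "".join(
            f"<li><b>{html.escape(c['author'])}</b>: {html.escape(c['body'])}</li>"
            for c in self.db
        )
        return f"<ul>{rows}</ul>"


def stored_injection_check(store, render) -> bool:
    """Store a marker payload, then read the page that shows stored data.

    Returns True when the payload comes back verbatim (unencoded), i.e. stored
    input reaches the page without output encoding. A unique marker lets the
    probe be told apart from pre-existing records. Assumed simplified probe,
    not the scanner's own implementation.
    """
    marker = secrets.token_hex(4)
    payload = f'<img src=x onerror="window.__{marker}=1">'
    try:
        store("probe", payload)
    except ValueError:
        return False  # rejected at write time; nothing was stored
    return payload in render()


if __name__ == "__main__":
    for write, read in ("vulnerable", "vulnerable"), ("hardened", "vulnerable"), \
                       ("vulnerable", "hardened"), ("hardened", "hardened"):
        b = CommentBoard()
        hit = stored_injection_check(getattr(b, f"store_{write}"), getattr(b, f"render_{read}"))
        print(f"store_{write} + render_{read}: {'VULNERABLE' if hit else 'ok'}")
```

Running the block shows that only the two combinations that render without encoding are flagged: the hardened store accepts the probe because `<img ...>` is a perfectly valid comment body, so validation by itself does not close the finding, whereas `render_hardened` neutralises even data written by `store_vulnerable`. In a real application the same reasoning applies per sink: encode for HTML, JavaScript, URL, or SQL at the point of use rather than trusting what was checked at write time.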

References:

Configuration

Example

Example configuration:

---
security_tests:
  improper_input_stored:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.