Stored Improper Input Validation Injection
Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data.
To effectively prevent XSS vulnerabilities, use a combination of the following measures:
- Filter user input on arrival as strictly as possible, based on what you expect as legitimate input.
- Use Content Security Policy (CSP) to reduce the severity of any XSS vulnerability that still occurs.
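
The two measures above, sketched for a Node.js service as an added example (not code from the original page or from the scanner). The field names, the allow-list patterns and the CSP directives are assumptions chosen for illustration.

```javascript
// Added example: strict allow-list validation before storage, plus a CSP header.
// Field names, patterns and the policy below are assumptions for illustration.
const crypto = require("crypto");

// One anchored pattern per field: anything not listed or not matching is rejected.
const FIELD_RULES = {
  username: /^[A-Za-z0-9_]{3,32}$/,
  displayName: /^[\p{L}\p{N} .'-]{1,64}$/u,
  website: /^https:\/\/[A-Za-z0-9.-]+(?:\/[A-Za-z0-9._~\/-]*)?$/,
};

// Returns { ok, value } or { ok, errors }. Rejects bad input instead of "cleaning" it.
function validateProfile(input) {
  const errors = [];
  const value = {};
  for (const key of Object.keys(input)) {
    if (!Object.prototype.hasOwnProperty.call(FIELD_RULES, key)) {
      errors.push(`unexpected field: ${key}`);
    }
  }
  for (const [key, pattern] of Object.entries(FIELD_RULES)) {
    const raw = input[key];
    if (typeof raw !== "string" || !pattern.test(raw.normalize("NFC"))) {
      errors.push(`invalid field: ${key}`);
    } else {
      value[key] = raw.normalize("NFC");
    }
  }
  return errors.length ? { ok: false, errors } : { ok: true, value };
}

// Builds a CSP that blocks inline script unless it carries this response's nonce.
function buildCsp() {
  const nonce = crypto.randomBytes(16).toString("base64");
  const header = [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join("; ");
  return { nonce, header };
}

// Constructed sample inputs.
const good = { username: "alice_01", displayName: "Alice O'Neil", website: "https://example.com/me" };
const bad = { username: "alice_01", displayName: "<b>Alice</b>", website: "javascript:void(0)" };
console.log(validateProfile(good).ok, validateProfile(bad).errors, buildCsp().header);
```

Send `header` as the `Content-Security-Policy` response header and put the same `nonce` on each legitimate `<script>` tag of that response.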
- skip_objects: List of objects to be skipped by the security test.
Ignore this check
- Escape Severity: HIGH
- OWASP: API10:2023
- PCI DSS: 6.5.7
- WASC: WASC-08
- CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
- CVSS_SCORE: 7.2