python (12.9k questions)

javascript (9.2k questions)

reactjs (4.7k questions)

java (4.2k questions)

java (4.2k questions)

c# (3.5k questions)

c# (3.5k questions)

html (3.3k questions)

Questions - checkmarx

does Django HttpResponseRedirect suffer from xss attack?

As title, because of urlpatterns are setting numeral parameter, i tend to think that HttpResponseRedirect won't suffer from xss attack, am i right? If not, how does HttpResponseRedirect suffer from it...
test-img

Billy Chung

python

django

security

xss

checkmarx

Votes: 0

Answers: 1

Latest Answer

Django is generally secure by default framework, that means that it should not be vulnerable to the most common attacks (such as XSS, SQLi etc.). As long as you didn't use mark_safe() method (referenc...
test-img

mik0w

XSS Vulnerability found in RowCommand function with e.CommandArgument

i'm using Checkmarx to scan a web application and i have noticed a lot of threats are found everytime i use e.CommandArgument in a RowCommand function. Example: Protected Sub gvwModifySend_RowCommand(...
test-img

Arn.adg

.net

xss

checkmarx

antixsslibrary

Votes: 0

Answers: 1

Latest Answer

The reported vulnerability is not XSS, it is Data Filter Injection. You can click the ? next to the query name to get a detailed description. The essence of it is that code you aren't showing is like...
test-img

NathanL

Can Convert.ToBase64String(Encoding.UTF8.GetBytes(input)) prevent Command Injection?

In my experience, we can use replace() filtering && and | to prevent command injection. Our code need to send base64String to another process, but there is Stored Command Injection scaned by c...
test-img

Billy Chung

security

checkmarx

commandinjection

Votes: 0

Answers: 1

Latest Answer

Good question. I think you should still make sure that you use prepared statements. Base64 only contains the letters of the ABC (upper and lowercase), digits, +, / and = as final padding character. Th...
test-img

Maarten Bodewes

Posts

Questions

Blogs

Jobs