sds icon indicating copy to clipboard operation
sds copied to clipboard
verified publisher icon didi

Cross-Site Scripting: Reflected

Open QiAnXinCodeSafe opened this issue 5 years ago • 0 comments

https://github.com/didi/sds/blob/0ac9dbe98b6e019bede3517dc333cf2a9e3c4013/sds-admin/src/main/java/com/didiglobal/sds/admin/controller/HeartbeatController.java#L71-L73

There may be special characters in ‘’request.getParameter("client")‘’.Sending unvalidated data to a web browser can result in the browser executing malicious code.

QiAnXinCodeSafe avatar May 07 '20 07:05 QiAnXinCodeSafe