Stored_XSS @ login.ts

**Stored\_XSS** issue exists @ **login.ts** in branch **main**

The method Lambda embeds untrusted data in generated output with json, at line 22 of /routes/login.ts. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page.

The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the Lambda method with authenticatedUser, at line 31 of /routes/login.ts. This untrusted data then flows through the code straight to the output web page, without sanitization. 

This can enable a Stored Cross-Site Scripting (XSS) attack.

**Namespace:** westonphillips
**Repository:** CheckmarxOnePOV
**Repository Url:** https://github.com/westonphillips/CheckmarxOnePOV
**CxAST\-Project:** westonphillips/CheckmarxOnePOV
**CxAST platform scan:** [6a8170d0\-38fa\-4efc\-81df\-42628474102c](https://ast.checkmarx.net/projects/3cff8712-758c-4ce1-a688-3efc7bdda2d9/scans?id=6a8170d0-38fa-4efc-81df-42628474102c&branch=main)
**Branch:** main
**Application:** CheckmarxOnePOV
**Severity:** HIGH
**State:** CONFIRMED
**Status:** RECURRENT
**CWE:** 79
**Lines:** [31](https://github.com/westonphillips/CheckmarxOnePOV/blob/main/routes/login.ts#L31) 

----
**References**
[Read more](https://ast.checkmarx.net/results/6a8170d0-38fa-4efc-81df-42628474102c/3cff8712-758c-4ce1-a688-3efc7bdda2d9/sast/description/79/6561501369275698122)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Stored_XSS @ login.ts #182

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Stored_XSS @ login.ts #182

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions