Details
Alert ID 100044-4
Alert Type Script Active
Status alpha
Risk High
CWE 20
WASC 20
Technologies Targeted All
Tags CWE-20
OWASP_2017_A01
OWASP_2021_A03
POLICY_PENTEST
More Info Scan Rule Help

Summary

The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.

Solution

Review input validation and sanitization mechanisms. Ensure user input is properly escaped and validated before processing. Consider implementing strict input filtering to prevent injection attacks.

Other Info

References

Code

scripts/scripts/active/SuspiciousInputTransformation.js