| Details | |
|---|---|
| Alert ID | 210013-3 |
| Alert Type | Tool |
| Status | alpha |
| Risk | High |
| CWE | 200 |
| WASC | |
| Technologies Targeted | All |
| Tags | CWE-200 OWASP_2021_A02 OWASP_2025_A04 TOOL_PTK |
Summary
Tainted data used in XMLHttpRequest.open() URL.
Generated by OWASP PTK IAST Module
Solution
- Do not send secrets or tokens to untrusted endpoints.
- Validate destination URLs and strip sensitive headers/body fields.
- Apply client-side DLP checks for outbound requests.

Other Info
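The destination validation and header stripping listed under Solution, shown as an added example (not code from ZAP or OWASP PTK). The trusted origins, header names and query parameter names are assumed values, and `prepareOutbound` and `safeOpen` are hypothetical helper names.

```javascript
// Added example. Origins, header names and parameter names are assumed values.
const TRUSTED_ORIGINS = new Set(["https://app.example.com", "https://api.example.com"]);
const SENSITIVE_HEADERS = new Set(["authorization", "x-api-key", "x-csrf-token"]);
const SENSITIVE_PARAMS = new Set(["token", "access_token", "session", "password"]);

// Resolve the URL the same way the browser will, then decide on the parsed
// result (never on the raw string, which can hide "//host" or "user@host").
function checkDestination(rawUrl, pageUrl) {
  let url;
  try {
    url = new URL(rawUrl, pageUrl);
  } catch (e) {
    throw new Error("blocked: unparseable URL");
  }
  if (url.protocol !== "https:") throw new Error("blocked: scheme " + url.protocol);
  if (url.username || url.password) throw new Error("blocked: credentials in URL");
  return { url, trusted: TRUSTED_ORIGINS.has(url.origin) };
}

// Returns what may actually be sent. For an untrusted origin, sensitive
// headers and query parameters are dropped and reported in `removed`.
function prepareOutbound(rawUrl, pageUrl, headers = {}) {
  const { url, trusted } = checkDestination(rawUrl, pageUrl);
  const removed = [];
  const outHeaders = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!trusted && SENSITIVE_HEADERS.has(name.toLowerCase())) removed.push("header:" + name);
    else outHeaders[name] = value;
  }
  if (!trusted) {
    for (const key of new Set(url.searchParams.keys())) {
      if (SENSITIVE_PARAMS.has(key.toLowerCase())) {
        url.searchParams.delete(key);
        removed.push("param:" + key);
      }
    }
  }
  return { url: url.href, trusted, headers: outHeaders, removed };
}

// Browser-side use: open the request only with the vetted URL and headers.
function safeOpen(xhr, method, rawUrl, headers) {
  const req = prepareOutbound(rawUrl, window.location.href, headers);
  xhr.open(method, req.url);
  for (const [n, v] of Object.entries(req.headers)) xhr.setRequestHeader(n, v);
  return req.removed; // hand to logging or DLP reporting
}
```
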
References
- https://owasp.org/www-community/vulnerabilities/Information_exposure
- https://cwe.mitre.org/data/definitions/200.html