lang:

JSP

regex:

out\.println\s*\(\s*request\.get(Parameter|QueryString)\s*\(\s*\"

description:

User controlled input direct to output, possible cross-site scripting.
tags:
xss cross-site scripting cwe-79
results