lang:

JSP

regex:

input.*type=(\"|\')?hidden.*=.*request\.get(Parameter|QueryString)

description:

User controlled input direct to output, possible cross-site scripting.
tags:
xss cross-site scripting cwe-79
results