lang:
JSP
regex:
input.*type=(\"|\')?hidden.*=.*request\.get(Parameter|QueryString)
description:
User-controlled input written directly to output; possible cross-site scripting.
tags:
xss cross-site scripting cwe-79