Input must be sanitized before use in path traversal. Unsanitized input enables unauthorized access to files or directories beyond the intended scope, potentially resulting in disclosure of sensitive information, unauthorized modification of data, or execution of arbitrary code.

Path Traversal

Improper input validation, sanitization, and access controls are can lead to path traversal vulnerabilities.

An HTTP parameter could contain a URL value and cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker could successfully launch a phishing attack and steal user credentials.

URL redirection to untrusted site

User-controlled input that specifies a link to an external site could lead to phishing attacks and allow user credentials to be stolen.

User-controllable input must be sanitized before it's included in output used to dynamically generate a web page. Unsanitized user input can introduce cross-side scripting (XSS) vulnerabilities that can lead to inadvertedly running malicious code in a trusted context.

Cross-site scripting

Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.

Amazon Q

Detector Library

Scala detectors (28/28)

Tag: top25-cwes

Path Traversal

URL redirection to untrusted site

Cross-site scripting