-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdvaxss.csv
We can make this file beautiful and searchable if this error is corrected: Any value after quoted field isn't allowed in line 20.
64 lines (64 loc) · 15.9 KB
/
dvaxss.csv
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
"Identifier","Snippet","Label","Vulnerability Type","Severity","Function Name","Source","Timestamp","Reviewer Notes","Confidence Score"
"001","document.getElementById('content').innerHTML = userInput;","Vulnerable","Reflected XSS","High","updateContent","GitHub Repo XYZ","2023-06-01","Direct use of innerHTML with user input","0.9"
"002","document.getElementById('content').textContent = userInput;","Safe","N/A","N/A","displayMessage","Internal Project ABC","2023-05-20","Safe textContent usage for user data","1.0"
"003","var userData = '<script>' + userProvidedData + '</script>';","Vulnerable","Stored XSS","High","storeUserData","Open Source Project 123","2023-04-15","User data concatenated in script tag","0.85"
"004","const safeHtml = DOMPurify.sanitize(userInput); document.body.innerHTML = safeHtml;","Safe","N/A","N/A","sanitizeAndDisplay","Blog Post 456","2023-03-10","Uses DOMPurify to sanitize user input","1.0"
"005","$('#info').html(userDetails);","Vulnerable","Reflected XSS","Medium","updateInfo","Stack Overflow Snippet","2023-02-25","jQuery html method vulnerable to XSS","0.75"
"006","element.setAttribute('href', 'http://example.com/?user=' + encodeURIComponent(userInfo));","Safe","N/A","N/A","setUserLink","GitHub Gist 789","2023-01-30","Correct use of encodeURIComponent for user data in URLs","0.95"
"007","document.write('Welcome, ' + untrustedUserInput);","Vulnerable","Reflected XSS","High","welcomeUser","Online Tutorial 321","2023-01-15","Uses document.write with untrusted input","0.8"
"008","element.style.backgroundColor = '#' + userInput;","Potentially Vulnerable","DOM-based XSS","Medium","changeBackground","User Forum Thread 654","2022-12-10","Directly using user input for style can lead to XSS","0.6"
"009","var userText = escapeHtml(userInput); document.getElementById('display').innerHTML = userText;","Safe","N/A","N/A","displayUserText","Coding Blog 987","2022-11-05","Escapes HTML in user input before rendering","0.95"
"010","eval('('+userInput+')');","Vulnerable","Reflected XSS","High","evaluateInput","Security Workshop 210","2022-10-20","Using eval with user input, high risk of XSS","0.7"
"011","const userName = userInput.trim(); document.querySelector('#greeting').textContent = Hello, ${userName};","Safe","N/A","N/A","greetUser","Personal Project 432","2022-09-15","Trims and safely displays user input as text","1.0"
"012","document.querySelector('#user-input').outerHTML = '<div>' + userInput + '</div>';","Vulnerable","Stored XSS","High","modifyOuterHtml","Web Dev Forum 876","2022-08-30","Incorporates user input into HTML structure without sanitization","0.65"
"013","fetch('/api/data').then(response => response.text()).then(data => document.getElementById('data').innerHTML = data);","Potentially Vulnerable","Reflected XSS","Medium","fetchAndDisplayData","API Documentation 543","2022-07-25","Uses innerHTML for displaying fetched data, potential for XSS if data is not sanitized","0.55"
"014","XMLHttpRequest.onreadystatechange = function() { if (this.readyState == 4 && this.status == 200) { document.getElementById('result').textContent = this.responseText; }};","Safe","N/A","N/A","updateResult","Ajax Tutorial 369","2022-06-10","Safely updates text content with response data, preventing XSS","1.0"
"015","const userLink = <a href='${userInput}'>Link</a>; document.body.innerHTML = userLink;","Vulnerable","Reflected XSS","High","createUserLink","Developer Blog 258","2022-05-05","Creates hyperlink with user input, vulnerable to XSS if input is not sanitized","0.6"
"016","React.createElement('div', {dangerouslySetInnerHTML: {__html: userInput}});","Vulnerable","Reflected XSS","High","renderHtml","React Documentation","2022-04-20","Uses React's dangerouslySetInnerHTML, can lead to XSS if not handled properly","0.7"
"017","const userMessage = <span>${escape(userInput)}</span>; document.body.innerHTML = userMessage;","Safe","N/A","N/A","displayUserMessage","Frontend Dev Blog","2022-03-15","Template literals with escaped user input for safety","1.0"
"018","if(userInput.includes('<script>')) { alert('Invalid input'); } else { document.body.innerHTML = userInput; }","Potentially Vulnerable","DOM-based XSS","Medium","validateAndDisplay","Security Guide 101","2022-02-28","Attempts to validate input but still risky if not all XSS patterns are caught","0.5"
"019","Vue.component('user-comment', { template: '<p v-html=\"userComment\"></p>'});","Vulnerable","Reflected XSS","High","VueUserComment","Vue.js Forum","2022-01-10","Vue's v-html directive can lead to XSS if userComment is not sanitized","0.65"
"020","document.getElementById('user-input').innerText = escapeHtml(userInput);","Safe","N/A","N/A","escapeAndDisplay","Web Security Course","2021-12-25","Escapes and safely displays user input using innerText","1.0"
"021","const params = new URLSearchParams(window.location.search); document.body.innerHTML = params.get('userInput');","Vulnerable","Reflected XSS","High","parseUrlParams","Web App Tutorial","2022-11-17","Directly using URL parameters in innerHTML","0.8"
"022","const safeUrl = new URL(userInput, window.location.origin); window.location.href = safeUrl.href;","Safe","N/A","N/A","redirectUser","Security Blog 312","2022-10-30","Safely constructs URL to prevent XSS","1.0"
"023","document.body.appendChild(document.createTextNode(userInput));","Safe","N/A","N/A","appendText","JavaScript Guide 411","2022-10-13","Safely appends user text as a text node, preventing XSS","1.0"
"024","const template = '<div>' + encodeForHtml(userInput) + '</div>'; document.body.innerHTML = template;","Safe","N/A","N/A","renderTemplate","HTML5 Tutorial 222","2022-09-26","Uses custom function to encode user input for HTML","0.95"
"025","if (userInput.match(/<script.*?>.*?<\\/script>/ig)) { console.warn('Unsafe input'); } else { document.body.innerHTML = userInput; }","Potentially Vulnerable","DOM-based XSS","Medium","validateInput","Dev Forum 789","2022-09-09","Basic regex check for script tags, but still potentially unsafe","0.5"
"026","$('.user-content').load('/api/content?data=' + encodeURIComponent(userInput));","Potentially Vulnerable","Reflected XSS","Medium","loadUserContent","jQuery Docs 564","2022-08-23","Uses jQuery load with URL encoding, but potential for XSS in API response","0.6"
"027","node.innerHTML = marked(userInput);","Vulnerable","Reflected XSS","High","renderMarkdown","Markdown Library 678","2022-08-06","Markdown rendering without proper sanitization can lead to XSS","0.7"
"028","const data = JSON.parse(userInput); document.getElementById('json-content').innerText = JSON.stringify(data, null, 2);","Safe","N/A","N/A","displayJson","JSON Tutorial 345","2022-07-20","Safely parsing and displaying JSON input","1.0"
"029","const scriptTag = `<script>${userInput}</script>`; eval(scriptTag);","Vulnerable","Reflected XSS","High","executeScript","Advanced JS Course","2022-07-03","Dynamically executing script with user input is highly unsafe","0.4"
"030","const userUrl = sanitizeUrl(userInput); document.getElementById('link').setAttribute('href', userUrl);","Safe","N/A","N/A","setUserLink","URL Handling 101","2022-06-16","Sanitizes URL input before setting href attribute","0.95"
"031","if(isSafeInput(userInput)) { document.body.innerHTML = userInput; } else { alert('Unsafe input detected'); }","Potentially Vulnerable","Reflected XSS","Medium","checkAndDisplay","Security Best Practices","2022-05-30","Depends on the effectiveness of isSafeInput function for XSS prevention","0.6"
"032","const userDetails = `<div>Name: ${escape(user.name)}</div><div>Email: ${escape(user.email)}</div>`; document.getElementById('profile').innerHTML = userDetails;","Safe","N/A","N/A","displayProfile","User Management System","2022-05-13","Safely constructing user details with escaped values","1.0"
"033","document.getElementById('msg').innerHTML = marked(sanitizeMarkdown(userInput));","Safe","N/A","N/A","displayMarkdown","Markdown Utils","2022-04-26","Sanitizes markdown before converting to HTML","1.0"
"034","const dynamicContent = 'return `' + userInput + '`;'; new Function(dynamicContent)();","Vulnerable","Reflected XSS","High","generateContent","Dynamic JS Generator","2022-04-09","Using new Function with dynamic content can lead to XSS","0.3"
"035","const userComment = JSON.stringify(userInput).slice(1, -1); document.querySelector('.comment').innerText = userComment;","Safe","N/A","N/A","postComment","Commenting System","2022-03-23","Safely displays user comment as text, preventing XSS","1.0"
"036","fetch(`/api/data?param=${userInput}`).then(response => response.json()).then(data => { document.getElementById('data').innerHTML = data.content; });","Potentially Vulnerable","Reflected XSS","Medium","fetchData","API Interaction Guide","2022-02-06","Using template literals with user input in fetch request; potential XSS if API response is not sanitized","0.55"
"037","const userBio = '<p>' + escapeHtml(userInput) + '</p>'; document.querySelector('.bio').innerHTML = userBio;","Safe","N/A","N/A","updateBio","User Profile Module","2022-01-20","Escaping HTML in user input before inserting into the DOM","1.0"
"038","document.getElementById('status').outerHTML = '<div>Status: ' + userInput + '</div>';","Vulnerable","Stored XSS","High","updateStatus","Web App Security Course","2021-12-05","Directly concatenating user input into outerHTML","0.7"
"039","const userSettings = JSON.parse(localStorage.getItem('userInput')); document.getElementById('settings').innerText = userSettings.preference;","Safe","N/A","N/A","loadSettings","Local Storage Tutorial","2021-11-19","Safely displaying user data from localStorage","1.0"
"040","if(isValidInput(userInput)) { eval('('+userInput+')'); } else { console.error('Invalid input'); }","Vulnerable","Reflected XSS","High","validateAndExecute","Input Validation Framework","2021-10-04","Using eval with a validation function; still risky for XSS","0.4"
"041","const scriptContent = `<script src='${encodeURI(userInput)}'></script>`; document.head.innerHTML += scriptContent;","Potentially Vulnerable","Reflected XSS","Medium","addScript","Dynamic Script Loader","2021-09-18","Appending user input to script src, potential for XSS despite URI encoding","0.6"
"042","Vue.component('dynamic-content', { template: '<div v-html=\"sanitize(userContent)\"></div>' });","Safe","N/A","N/A","VueDynamicContent","Vue.js Advanced Guide","2021-08-31","Using Vue's v-html with sanitization function","1.0"
"043","const data = { userContent: userInput }; $('#content').append($('<div></div>').text(data.userContent));","Safe","N/A","N/A","appendUserContent","jQuery Manipulation Tips","2021-08-14","Safely appending user content using jQuery text method","1.0"
"044","let userColor = userInput.toLowerCase(); if (userColor.match(/^[a-z]+$/)) { document.body.style.backgroundColor = userColor; }","Safe","N/A","N/A","changeBackgroundColor","User Input Handling","2021-07-28","Validating user input before using it to change style properties","1.0"
"045","angular.module('app').controller('MainCtrl', function($scope, $sce) { $scope.userHtml = $sce.trustAsHtml(userInput); });","Potentially Vulnerable","Reflected XSS","Medium","AngularMainCtrl","AngularJS Best Practices","2021-07-11","Using AngularJS's $sce for trusting HTML, requires careful handling to prevent XSS","0.6"
"046","const userLink = `http://example.com/?user=${encodeURIComponent(userInput)}`; window.open(userLink, '_blank');","Safe","N/A","N/A","openUserLink","URL Handling in JS","2021-06-24","Safely constructing and opening a URL with user input","1.0"
"047","if(userInput.includes('</script>')) { document.body.innerHTML = 'Invalid input'; } else { document.body.innerHTML = userInput; }","Vulnerable","Reflected XSS","High","checkScriptTag","Script Tag Validation","2021-06-07","Inadequate script tag check, vulnerable to XSS","0.5"
"048","React.useEffect(() => { document.title = userInput; }, [userInput]);","Safe","N/A","N/A","updateTitle","React Hooks Essentials","2021-05-21","Safely updating the document title in React","1.0"
"049","const userProfile = `<div class='profile'>${sanitize(userInput)}</div>`; document.getElementById('profile-container').innerHTML = userProfile;","Safe","N/A","N/A","renderProfile","User Profile Handler","2021-04-04","Using a sanitization function before inserting user input into HTML","1.0"
"050","node.innerHTML = Prism.highlight(userInput, Prism.languages.javascript);","Vulnerable","Reflected XSS","High","highlightCode","Code Highlighting Tool","2021-03-18","Injecting user input into innerHTML without sanitization, even with syntax highlighting","0.6"
"051","const userImage = `<img src='/path/to/images/${encodeURIComponent(userInput)}'>`; document.getElementById('image-container').innerHTML = userImage;","Safe","N/A","N/A","displayImage","Image Rendering Guide","2021-02-01","Safely creating an image element with user input","1.0"
"052","if(userInput.match(/^\\w+$/)) { document.getElementById('username').innerText = userInput; } else { alert('Invalid username'); }","Safe","N/A","N/A","updateUsername","Username Validator","2021-01-15","Validating username with regex before displaying","1.0"
"053","const customScript = `<script>${userInput}</script>`; document.body.innerHTML = customScript;","Vulnerable","Reflected XSS","High","injectScript","Custom Scripting","2020-12-30","Inserting user input within a script tag, highly vulnerable to XSS","0.3"
"054","document.querySelector('#note').textContent = DOMPurify.sanitize(marked(userInput));","Safe","N/A","N/A","displayNote","Markdown to HTML","2020-12-14","Sanitizing markdown converted HTML content before displaying","1.0"
"055","const userData = JSON.parse(userInput); if(userData.name) { document.getElementById('name').innerHTML = userData.name; }","Potentially Vulnerable","Reflected XSS","Medium","parseUserData","JSON Parsing","2020-11-29","Parsing user input as JSON and using a property; potential XSS risk if JSON is not sanitized","0.55"
"056","angular.module('app').directive('compile', ['$compile', function ($compile) { return function(scope, element, attrs) { scope.$watch(attrs.compile, function(newValue, oldValue) { element.html(newValue); $compile(element.contents())(scope); }); }; }]);","Vulnerable","Reflected XSS","High","AngularCompileDirective","AngularJS Development","2020-11-13","Custom AngularJS directive that compiles HTML; high risk of XSS if not handled properly","0.4"
"057","const safeContent = xssFilters.inHTMLData(userInput); document.querySelector('.content').innerHTML = safeContent;","Safe","N/A","N/A","filterContent","Content Filtering","2020-10-28","Using xssFilters library to sanitize user input before rendering","1.0"
"058","document.getElementById('output').innerHTML = userInput.replace(/script/gi, '');","Vulnerable","Reflected XSS","High","filterOutput","Output Filtering","2020-10-12","Basic string replacement is not enough to prevent XSS","0.5"
"059","const userFeedback = `<div>${escapeForHtml(userInput)}</div>`; document.getElementById('feedback-container').innerHTML = userFeedback;","Safe","N/A","N/A","displayFeedback","Feedback Display","2020-09-27","Escaping user input for HTML before inserting into the DOM","1.0"
"060","const userQuery = `SELECT * FROM users WHERE name = '${userInput}'`; if(isSQLSafe(userInput)) { database.query(userQuery); } else { console.error('Unsafe SQL query'); }","Vulnerable","SQL Injection","High","executeQuery","Database Interaction Guide","2020-09-10","Constructing SQL query with user input without proper sanitization, even with a safety check","0.4"
*** Custom Input from here -> JaySeb - December 2023 ***
"061","document.getElementById("searchTerm").value = searchTerm","Vulnerable","Reflected XSS","Moderate","loadSearch","Morgan Stanley web site","2023-09-01","Term inputed by the user for searching the web site without proper sanitization in the results windows, not in the search page per se","0.9"
"062","document.getElementById("search-count").innerHTML = "Found " + searchCount + ' results for "' + searchTerm + '"';","Vulnerable","Reflected XSS","Moderate","loadSearch","Morgan Stanley web site","2023-09-01","Search output based on the user for searching the web site without proper sanitization in the results windows, not in the search page per se","0.9"