[CodeQL #48] Reflected server-side cross-site scripting #50

@devin-ai-integration

CodeQL Alert #48: Reflected server-side cross-site scripting

| Field | Value |
|---|---|
| Rule ID | py/reflective-xss |
| Severity | MEDIUM |
| File path | vulnerable_xss.py |
| Line range | Lines 54–54 |
| CWE category | CWE-079, CWE-116 |
| Classification | demo-only |
| Priority tier | batched |
| Alert link | View CodeQL Alert |

Code Snippet

def error_page():
    error_msg = request.args.get('msg')
    
    return f"<div class='error'>{error_msg}</div>"

@app.route('/dashboard')
def dashboard():

Classification: demo-only

This file is prefixed with vulnerable_ and is an intentionally insecure demo file for CodeQL demonstration purposes.


Generated by automated security triage on 2026-03-25.
