CodeQL Alert #49: Reflected server-side cross-site scripting
| Field | Value |
| --- | --- |
| Rule ID | py/reflective-xss |
| Severity | MEDIUM |
| File path | vulnerable_xss.py |
| Line range | Lines 60–60 |
| CWE category | CWE-079, CWE-116 |
| Classification | demo-only |
| Priority tier | batched |
| Alert link | View CodeQL Alert |
Code Snippet
```python
def dashboard():
    user_input = request.args.get('data', '')
    response = make_response(f"<p>Dashboard data: {user_input}</p>")
    return response

def render_user_content(content):
```
Classification: demo-only
This file is prefixed with vulnerable_ and is an intentionally insecure demo file for CodeQL demonstration purposes.
Generated by automated security triage on 2026-03-25.