[Security Triage] CodeQL XSS Test Triage — 2026-03-25

This issue tracks the triage of 5 cross-site scripting (XSS) related CodeQL alerts for colin-d-fried/demo-python.

Scope: 5 selected XSS-related alerts (rules: py/reflective-xss, py/template-injection)
Total alerts in scope: 5
Severity breakdown: 1 critical (fast-track), 4 medium (batched)

Alert Checklist (prioritized)

Fast-track (Critical/High severity)

| Location | Alert | CWE | Link | Classification | PR | Status |
|---|---|---|---|---|---|---|
| vulnerable_xss.py:31 | Server Side Template Injection | CWE-074 | View alert | fix | PR #57 | In Review |

Batched (Medium/Low severity)

| Location | Alert | CWE | Link | Classification | PR | Status |
|---|---|---|---|---|---|---|
| vulnerable_deserialization.py:14 | Reflected server-side cross-site scripting | CWE-079, CWE-116 | View alert | fix | PR #58 | In Review |
| vulnerable_ssrf.py:13 | Reflected server-side cross-site scripting | CWE-079, CWE-116 | View alert | fix | PR #59 | In Review |
| vulnerable_xss.py:9 | Reflected server-side cross-site scripting | CWE-079, CWE-116 | View alert | fix | PR #60 | In Review |
| vulnerable_xxe.py:23 | Reflected server-side cross-site scripting | CWE-079, CWE-116 | View alert | fix | PR #61 | In Review |

All alerts triaged on 2026-03-25. See Triage Report #62 for full details.
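The four batched alerts are all py/reflective-xss findings. As an added illustration for reviewers of PRs #58 to #61 (this is not code from colin-d-fried/demo-python and does not reproduce the flagged lines), the stdlib-only Python below shows the sink pattern that rule reports next to the escaped form, with a small regression check that the attacker payload does not survive into the response. All names, the payload and the attack URL are constructed for the example. The py/template-injection alert (PR #57) is not modelled here, since the fix for that class is to keep the template source static and pass user data only as render context.

```python
"""Reflected XSS: the sink pattern CodeQL's py/reflective-xss flags, beside
the hardened form.

Added example for the triage issue; NOT code from colin-d-fried/demo-python.
All names (PAYLOAD, ATTACK_URL, render_greeting_*) are hypothetical.
"""
from html import escape
from urllib.parse import parse_qs, quote, urlsplit

# Constructed attacker input: breaks out of an attribute ("), closes the tag
# (>) and injects a script element.
PAYLOAD = '"><script>alert(document.cookie)</script>'

# Constructed request URL carrying the payload in the `name` parameter.
ATTACK_URL = "https://example.invalid/greet?name=" + quote(PAYLOAD, safe="")


def name_from_query(url: str) -> str:
    """Extract the user-controlled `name` parameter (the taint source)."""
    qs = parse_qs(urlsplit(url).query)
    return qs.get("name", [""])[0]


def render_greeting_vulnerable(url: str) -> str:
    """Sink: untrusted input concatenated straight into the HTML body.
    This is the shape py/reflective-xss reports."""
    name = name_from_query(url)
    return "<h1>Hello " + name + "</h1>"


def render_greeting_fixed(url: str) -> str:
    """Same page with the input HTML-escaped before it reaches the sink.
    quote=True also encodes ' and " so the fix holds inside attribute
    values, not only in element text."""
    name = name_from_query(url)
    return "<h1>Hello " + escape(name, quote=True) + "</h1>"


def payload_survives(html: str, payload: str = PAYLOAD) -> bool:
    """Regression check for a PR: does the raw payload appear in the output?
    True means the response still reflects live markup."""
    return payload in html


if __name__ == "__main__":
    print("vulnerable:", render_greeting_vulnerable(ATTACK_URL))
    print("fixed:     ", render_greeting_fixed(ATTACK_URL))
    print("payload survives after fix:", payload_survives(render_greeting_fixed(ATTACK_URL)))
```

The check is deliberately string-based so it can run in CI without a browser; it catches the reflection itself, not every encoding edge case, so the CodeQL rule should still be re-run on the fixed branch before the PRs are merged.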