| VID |
210147 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
Client side (JavaScript): never use eval(). Needing to use eval() usually indicates a problem in your design. In any programming language you should be extremely cautious about executing code from an untrusted source. The same is true for JavaScript: be extremely cautious about running eval() on any string that may have been tampered with, for example strings taken from the page query string. Executing untrusted code can leave you vulnerable to cross-site scripting attacks.
https://www.owasp.org/index.php/OWASP_AJAX_Security_Guidelines#Don.27t_use_eval
* Platforms Affected: Any HTTP server (any version), any operating system (any version) |
| Recommendation |
Client side (JavaScript): don't use eval(); validate user input. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
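The recommendation above, shown as an added example that is not part of the original entry: a settings object read from the page query string, first with the eval() pattern this check describes, then parsed as data and validated against an allow-list. The parameter name `prefs`, the allowed keys and the sample query strings are assumptions constructed for illustration.

```javascript
// Added example. The "prefs" parameter and the allowed keys are hypothetical.

// Pattern the check describes: the parameter value is executed as code.
function readPrefsWithEval(queryString) {
  const raw = new URLSearchParams(queryString).get("prefs");
  return raw === null ? {} : eval("(" + raw + ")");
}

// Replacement: parse the value as data, then keep only validated keys.
const ALLOWED = {
  theme: (v) => v === "light" || v === "dark",
  pageSize: (v) => Number.isInteger(v) && v >= 10 && v <= 100,
};

function readPrefsSafely(queryString) {
  const raw = new URLSearchParams(queryString).get("prefs");
  if (raw === null) return {};
  let parsed;
  try {
    parsed = JSON.parse(raw); // data only: any expression is a syntax error
  } catch (err) {
    return {}; // not JSON: fall back to defaults
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    return {};
  }
  const prefs = {};
  for (const [key, isValid] of Object.entries(ALLOWED)) {
    const present = Object.prototype.hasOwnProperty.call(parsed, key);
    if (present && isValid(parsed[key])) prefs[key] = parsed[key];
  }
  return prefs;
}

// Constructed sample inputs: one honest, one altered to carry an expression
// with a harmless, observable side effect.
const honest = "?prefs=" + encodeURIComponent('{"theme":"dark","pageSize":25}');
const tampered =
  "?prefs=" + encodeURIComponent('(globalThis.tamperedRan = true, {"theme":"dark"})');

console.log(readPrefsSafely(honest));
console.log(readPrefsSafely(tampered)); // rejected as non-JSON
readPrefsWithEval(tampered);            // eval() runs the embedded expression
console.log(globalThis.tamperedRan);
```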