Click here to Skip to main content
15,922,325 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I am scanning my application checkmark there few of the string are getting as Reflected XSS vulnerability with High-level security issue

Below is the Ex for vulnerability
String fromURL= "";

What I have tried:

I have tried with using HttpUtility.HtmlEncode
String fromURL= "";

Could you please assist on this type of Url vulnerabilities
Updated 28-Aug-20 21:14pm
F-ES Sitecore 27-Aug-20 10:38am    
If that is genuinely your code then there is no vulnerability there so you should use the appropriate attributes to have your code checker ignore that error for that bit of code. If that isn't actually the exact code, or the vulnerability is actually elsewhere (like "/" on, then we can't help you fix vulnerabilities in code you haven't shown us so you will need to update your question to show the actual code.
DGKumar 27-Aug-20 15:35pm    
after encoding the above url i am getting the below url
Sandeep Mewara 27-Aug-20 15:44pm    
By any chance you on ASP.NET MVC 1 or 2?
Sandeep Mewara 27-Aug-20 15:45pm    
Above redirect url is exactly the same where the XSS vulnerability is being raised or there is different url?

1 solution

Have a look at this: Unvalidated Redirects and Forwards - OWASP Cheat Sheet Series[^]

Section "Dangerous URL Redirects"
ASP .NET MVC 1 & 2 websites are particularly vulnerable to open redirection attacks. In order to avoid this vulnerability, you need to apply MVC 3.

The code for the LogOn action in an ASP.NET MVC 2 application is shown below. After a successful login, the controller returns a redirect to the returnUrl. You can see that no validation is being performed against the returnUrl parameter.

Section "Safe URL redirect":

Details: Preventing Open Redirection Attacks (C#) | Microsoft Docs[^]
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900