CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
Documentation
API Reference
Start Here
  • What is CodeAnt?
  • Join Community
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
      • Android
      • Aws-lambda
      • Castor
      • Java-jwt
      • Jax-rs
      • Jboss
      • Jdo
      • Jedis
      • Jjwt
      • Jsch
      • Kryo
      • Lang
        • Audit
        • Correctness
        • Security
        • Security
          • Audit
          • Audit
            • Active-debug-code-getstacktrace
            • Active-debug-code-printstacktrace
            • Crypto
            • Crypto
            • Formatted-sql-string-deepsemgrep
            • Saxreader-xmlreader-constructor
            • Sqli
            • Xml-custom-entityresolver
            • Xss
            • Xss
              • Jsf
              • Jsp
            • Xxe
          • Crypto
          • Net
          • Properties
          • Sql
          • System
          • Xxe
      • Micronaut
      • Mongo
      • Mongodb
      • Mysql
      • Okhttp
      • Rmi
      • Servlets
      • Spring
      • Thymeleaf
      • Xstream
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Xss

Jsf

autoescape-disabled

Detected an element with disabled HTML escaping. If external data can reach this, this is a cross-site scripting (XSS) vulnerability. Ensure no external data can reach here, or remove ‘escape=false’ from this element.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences
OWASP:
- A
- 0
- 7
- :
- 2
- 0
- 1
- 7
-

- -
-

- C
- r
- o
- s
- s
- -
- S
- i
- t
- e
-

- S
- c
- r
- i
- p
- t
- i
- n
- g
-

- (
- X
- S
- S
- )
XssJsp
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.