Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Doctrine
- Lang
- Laravel
- Security
- Security
- Laravel-code-injection
- Laravel-column-sql-injection
- Laravel-command-injection
- Laravel-cookie-not-encrypted
- Laravel-csrf-not-verified
- Laravel-direct-response-write
- Laravel-http-client-ssrf
- Laravel-mail-command-injection
- Laravel-native-sql-injection
- Laravel-path-traversal-storage
- Laravel-path-traversal
- Laravel-raw-sql-injection
- Laravel-unsafe-entity-loader
- Laravel-xml-unsafe-parser-flags
- Search-laravel-form-csrf
- Secrets
- Symfony
- Wordpress-plugins
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Laravel-direct-response-write
Laravel direct response write
Detected data rendered directly to the end user via ‘response’ This bypasses Laravel’s built-in cross-site scripting (XSS) defenses and could result in an XSS vulnerability. Use Laravel’s template engine to safely render HTML.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection