Description
User-submitted crop data (prices, quantities, descriptions) is not sanitized before being stored or displayed. This could allow injection attacks.
Impact
- XSS attacks possible if data is rendered without escaping
- Data integrity issues from malformed inputs
Suggested Fix
Sanitize all user inputs before storage and escape all output when rendering user-submitted content.
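
One way to apply this fix, shown as an added example that is not the project's own code. The issue does not name the stack, so the field names, the length limit and the helpers `validateCrop`, `escapeHtml` and `renderCropRow` are assumptions. Values are validated before storage and escaped again at render time.

```javascript
// Added example: field names and limits are assumptions, not the project's schema.
const MAX_DESCRIPTION = 500; // assumed maximum description length

// Validate and normalise one submission before it is stored.
// Rejects instead of "cleaning" numbers, so malformed data never reaches storage.
function validateCrop(input) {
  const errors = [];
  const priceText = String(input.price ?? '').trim();
  const quantityText = String(input.quantity ?? '').trim();

  // Price: non-negative decimal with at most two fraction digits, kept as text.
  if (!/^\d{1,9}(\.\d{1,2})?$/.test(priceText)) errors.push('price');
  // Quantity: non-negative whole number (no signs, exponents or hex).
  if (!/^\d{1,9}$/.test(quantityText)) errors.push('quantity');

  // Description: plain text; drop control characters, then enforce length.
  let description = typeof input.description === 'string' ? input.description : '';
  description = description
    .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, '')
    .trim();
  if (description.length === 0 || description.length > MAX_DESCRIPTION) {
    errors.push('description');
  }

  if (errors.length > 0) return { ok: false, errors };
  return {
    ok: true,
    value: { price: priceText, quantity: Number(quantityText), description },
  };
}

// Escape for an HTML text or quoted-attribute context at output time.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render one stored record; every field is escaped, including the numeric ones,
// so the output stays safe even if older rows were stored before validation existed.
function renderCropRow(crop) {
  const cells = [crop.description, crop.price, crop.quantity]
    .map((v) => `<td>${escapeHtml(v)}</td>`)
    .join('');
  return `<tr>${cells}</tr>`;
}
```

The description is stored as plain text rather than stripped of markup, so the escaping step is what prevents it from being interpreted as HTML; other output contexts (URLs, inline script, CSS) need their own encoders.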