Input Validation / Improper input validation

Description

In some cases, user input is not validated or sanitized in the application. This is not a security risk for the tested application currently, but this could change in the future with further developments or functions. Especially by passing the data to a third party, this passing of not sanitized data could be a security risk for these third-party applications.

Risk

While the finding does not pose a security risk to the application under test, it does pose a potential risk if the data is passed to another endpoint/system that does not have these security measures in place.

Solution

Validate and sanitize all user input to minimize security risks, especially before passing the input to another application that may not be secured.