Input Validation / Improper input validation
Description
In some cases, user input is not validated or sanitized in the application. This is not a security risk for the tested application currently, but this could change in the future with further developments or functions. Especially by passing the data to a third party, this passing of not sanitized data could be a security risk for these third-party applications.
Risk
While the finding does not pose a security risk to the application under test, it does pose a potential risk if the data is passed to another endpoint/system that does not have these security measures in place.
Solution
Validate and sanitize all user input to minimize security risks, especially before passing the input to another application that may not be secured.