Arbitrary Variants Via Query Parameters
Due to unvalidated input, an attacker can pass in arbitrary variants via query parameters. If an application treats variants as trusted, this can lead to potential vulnerabilities like SQL injection or cross-site scripting XSS. For instance: landingpage = fieldtest:landingpage Page.where"key =...