Apr 11, 2018 12:42 PM|Titto Thomas|LINK
The basic reason for all these 3 vulnerabilities is lack of input validation. White-listing of user input is the basic fix for all the three. Regular Expressions are very helpful in this.
Otherwise, avoid passing user input directly to the function calls, if possible. Use indexes instead of supplying original user input to server side functions.
(please manually confirm the Zap scan result to filter out False Positives )