- Search the codebase for "select" (and the other SQL verbs: insert, update, delete, where) and check whether any query text is joined to user input with + or with string interpolation, i.e. a template literal containing `${...}` such as:
`Name: ${user.name}`
- Fix: parameterized queries (prepared statements with placeholders such as `?` or `$1`, the values passed separately) or an ORM's query builder; an ORM's raw-SQL escape hatch needs the same treatment.
- Search the codebase for "{{{". In Handlebars and Mustache the triple braces turn off HTML escaping, so any user input rendered inside {{{ }}} comes back as raw markup and is probably vulnerable to XSS.
- Fix: switch to {{ }} (escaped output) or, if raw HTML is genuinely required, run the value through an HTML sanitizer (e.g. DOMPurify) before it reaches the template.
- XSS can also occur when elements are created from JavaScript: assigning user input to innerHTML/outerHTML, passing it to document.write, or to jQuery's .html() parses it as markup. Use textContent, or createElement plus setAttribute, instead.
- XSS: try pasting one of the polyglots below into each input, then inspect the response to see whether any tags came back unescaped: