Update documentation

joefarebrother · joefarebrother · commit baf51334e4f5 · 2024-07-19T09:13:30.000+01:00
diff --git a/python/ql/src/Security/CWE-020/CookieInjection.qhelp b/python/ql/src/Security/CWE-020/CookieInjection.qhelp
@@ -4,7 +4,9 @@
 <qhelp>
 
 <overview>
-<p>Constructing cookies from user input can allow an attacker to control a user's cookie. Additionally, if the cookie is set using a raw header, cookie attributes such as the <code>Secure</code> flag may be controlled by an attacker.  
+<p>Constructing cookies from user input can allow an attacker to control a user's cookie. 
+This may lead to a session fixation attack. Additionally, client code may not expect a cookie to contain attacker-controlled data, and fail to sanitize it for common vulnerabilities such as Cross Site Scripting (XSS).
+An attacker manipulating the raw cookie header may additionally be able to set cookie attributes such as <code>HttpOnly</code> to insecure values.  
 </p>
 </overview>
 
@@ -19,6 +21,7 @@ and the second sets a cookie's raw value through the <code>set-cookie</code> hea
 </example>
 
 <references>
+<li>Wikipedia - <a href="https://en.wikipedia.org/wiki/Session_fixation">Session Fixation</a>.</li>
 </references>
 
 </qhelp>
