From 4bafc198831a35fdcc80f63153483f8461e348e4 Mon Sep 17 00:00:00 2001
From: Rene Zubcevic <git@zubcevic.com>
Date: Tue, 9 Apr 2019 20:40:41 +0200
Subject: [PATCH] fixed classcast exception on randValue

---
 .../java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
index 8a438c5ac..59b3867ad 100644
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
@@ -54,7 +54,7 @@ public class DOMCrossSiteScripting extends AssignmentEndpoint {
 
             UserSessionData userSessionData = getUserSessionData();
         SecureRandom number = new SecureRandom();
-        userSessionData.setValue("randValue",number.nextInt());
+        userSessionData.setValue("randValue",String.valueOf(number.nextInt()));
 
         if (param1 == 42 && param2 == 24 && request.getHeader("webgoat-requested-by").equals("dom-xss-vuln")) {
             return trackProgress(success().output("phoneHome Response is " + userSessionData.getValue("randValue").toString()).build());