The program creates a hidden form field.
Programmers often trust the contents of hidden fields, expecting that users will not be able to view them or manipulate their contents. Attackers will violate these assumptions. They will examine the values written to hidden fields and alter them or replace the contents with attack data.
Example:
HtmlInputHidden hidden = new HtmlInputHidden();
[1] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3610 CAT I
[2] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 472, CWE ID 642
[3] Input Validation and Representation Fortify, An HP Company
[4] Standards Mapping - SANS Top 25 2009 - (SANS 2009) Risky Resource Management - CWE ID 642