CX Stored_XSS @ src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java [master]

[AkiraHojo]

Stored_XSS issue exists @ src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java in branch master

Method selectUsers at line 59 of src\main\java\org\t246osslab\easybuggy\troubles\DBConnectionLeakServlet.java gets data from the database, for the rs element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Stored Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 68

---

Code (Line #68):

            rs = stmt.executeQuery("select id, name, phone, mail from users where ispublic = 'true'");

---

[AkiraHojo]

Issue still exists.

SUMMARY

Issue has total 1 vulnerabilities left to be fix (Please scroll to the top for more information)

[AkiraHojo]

Issue still exists.

SUMMARY

Issue has total 1 vulnerabilities left to be fix (Please scroll to the top for more information)