Open AkiraHojo opened 4 years ago
Issue still exists.
Issue has a total of 1 vulnerability left to be fixed (please scroll to the top for more information)
Stored_XSS issue exists @ src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java in branch master
Method selectUsers at line 60 of src\main\java\org\t246osslab\easybuggy\vulnerabilities\SQLInjectionServlet.java gets data from the database, for the rs element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Stored Cross-Site-Scripting attack.
Severity: High
CWE:79
Checkmarx
Lines: 69
Code (Line #69):