search

Checkmarx-jharris / JavaVulnerableLab

GNU General Public License v2.0
0 stars 0 forks source link

Email check fix #71

Closed jharriscx closed 3 years ago

jharriscx commented 3 years ago

Scan submitted to Checkmarx

jharriscx commented 3 years ago

Logo
Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 1145 vulnerabilities
High 403 High
Medium 193 Medium
Low 541 Low
Info 8 Info

Violation Summary

High 57 High
View more details on Checkmarx UI

Cx-SAST Details

Lines Severity Category File Link
16 High Stored_XSS src/main/webapp/vulnerability/DisplayMessage.jsp Checkmarx
24 High Stored_XSS src/main/webapp/vulnerability/idor/download.jsp Checkmarx
43 High Stored_XSS src/main/webapp/vulnerability/sqli/download_id_union.jsp Checkmarx
52 High Stored_XSS src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java Checkmarx
14 High Stored_XSS src/main/webapp/vulnerability/Messages.jsp Checkmarx
21 29 High Stored_XSS src/main/webapp/myprofile.jsp Checkmarx
19 High Stored_XSS src/main/webapp/admin/manageusers.jsp Checkmarx
13 High Stored_XSS src/main/webapp/vulnerability/UserDetails.jsp Checkmarx
19 High Stored_XSS src/main/webapp/vulnerability/securitymisconfig/pages.jsp Checkmarx
60 High Stored_XSS src/main/webapp/vulnerability/forum.jsp Checkmarx
43 High Stored_XSS src/main/webapp/vulnerability/sqli/download_id.jsp Checkmarx
14 High Stored_XSS src/main/webapp/vulnerability/forumposts.jsp Checkmarx
19 High Stored_XSS src/main/webapp/admin/adminlogin.jsp Checkmarx
12 High Stored_XSS src/main/webapp/vulnerability/Injection/orm.jsp Checkmarx
42 High Stored_XSS src/main/webapp/ForgotPassword.jsp Checkmarx
12 High Stored_XSS src/main/webapp/vulnerability/forumUsersList.jsp Checkmarx
26 High SQL_Injection src/main/webapp/vulnerability/csrf/change-info.jsp Checkmarx
33 High SQL_Injection src/main/webapp/vulnerability/csrf/changepassword.jsp Checkmarx
8 High SQL_Injection src/main/webapp/vulnerability/UserDetails.jsp Checkmarx
42 High SQL_Injection src/main/webapp/ForgotPassword.jsp Checkmarx
16 High SQL_Injection src/main/webapp/myprofile.jsp Checkmarx
35 36 High SQL_Injection src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java Checkmarx
43 44 High SQL_Injection src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java Checkmarx
43 44 45 46 47 High SQL_Injection src/main/java/org/cysecurity/cspf/jvl/controller/Register.java Checkmarx
42 High SQL_Injection src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java Checkmarx
41 42 43 High SQL_Injection src/main/webapp/vulnerability/forum.jsp Checkmarx
9 High SQL_Injection src/main/webapp/vulnerability/forumposts.jsp Checkmarx
11 High SQL_Injection src/main/webapp/admin/adminlogin.jsp Checkmarx
42 43 44 45 High SQL_Injection src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java Checkmarx
12 High SQL_Injection src/main/webapp/vulnerability/securitymisconfig/pages.jsp Checkmarx
27 28 High SQL_Injection src/main/webapp/vulnerability/idor/change-email.jsp Checkmarx
50 High SQL_Injection src/main/webapp/vulnerability/Injection/orm.jsp Checkmarx
13 High SQL_Injection src/main/webapp/admin/manageusers.jsp Checkmarx
16 High SQL_Injection src/main/webapp/vulnerability/DisplayMessage.jsp Checkmarx
43 High SQL_Injection src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java Checkmarx
54 56 57 58 60 High SQL_Injection src/main/java/org/cysecurity/cspf/jvl/controller/Install.java Checkmarx
37 38 39 High SQL_Injection src/main/webapp/changeCardDetails.jsp Checkmarx
18 High SQL_Injection src/main/webapp/vulnerability/sqli/download_id_union.jsp Checkmarx

Logo Checkmarx SCA - Scan Summary & Details

Cx-SCA Summary

Total Packages Identified: 15 Scan Risk Score: 9.80

High 15 High severity vulnerabilities Medium 5 Medium severity vulnerabilities Low 1 Low severity vulnerabilities View more details on Checkmarx UI

Cx-SCA vulnerability result overview

Vulnerability ID Package Severity CVSS score Publish date Current version Recommended version Link in CxSCA Reference – NVD link
CVE-2015-7501 commons-collections:commons-collections HIGH 9.8 2017-11-09T17:29:00 3.2.1 Vulnerability Link CVE-2015-7501
CVE-2020-10683 dom4j:dom4j HIGH 9.8 2020-05-01T19:15:00 1.6.1 Vulnerability Link CVE-2020-10683
CVE-2019-14900 org.hibernate:hibernate-core HIGH 9.8 2019-01-15T00:00:00 4.0.1.Final Vulnerability Link CVE-2019-14900
CVE-2015-2575 mysql:mysql-connector-java HIGH 9.1 2014-12-06T00:00:00 5.1.26 Vulnerability Link CVE-2015-2575
CVE-2018-3258 mysql:mysql-connector-java HIGH 8.8 2018-10-17T01:31:00 5.1.26 Vulnerability Link CVE-2018-3258
CVE-2017-3523 mysql:mysql-connector-java HIGH 8.5 2017-04-24T19:59:00 5.1.26 Vulnerability Link CVE-2017-3523
CVE-2015-6420 commons-collections:commons-collections HIGH 7.5 2015-12-15T05:59:00 3.2.1 Vulnerability Link CVE-2015-6420
Cx78f40514-81ff commons-collections:commons-collections HIGH 7.5 2018-10-31T10:39:00 3.2.1 Vulnerability Link N\A
CVE-2018-1000632 dom4j:dom4j HIGH 7.5 2018-08-20T19:31:00 1.6.1 Vulnerability Link CVE-2018-1000632
Cx6f651376-312a mysql:mysql-connector-java HIGH 7.5 2017-08-14T23:00:00 5.1.26 Vulnerability Link N\A
Cx7ef609d2-efb5 mysql:mysql-connector-java HIGH 7.5 2010-08-01T23:00:00 5.1.26 Vulnerability Link N\A
Cx039cb67c-ead3 mysql:mysql-connector-java HIGH 7.5 2015-08-16T23:00:00 5.1.26 Vulnerability Link N\A
Cxdb5a1032-eda2 org.json:json HIGH 7.5 2019-09-17T10:37:00 20090211 Vulnerability Link N\A
Cx2906ba70-607a org.json:json HIGH 7.5 2017-08-18T09:31:00 20090211 Vulnerability Link N\A
Cx08fcacc9-cb99 org.json:json HIGH 7.5 2017-10-30T11:27:00 20090211 Vulnerability Link N\A