Custodela / Riches


CX CGI_Stored_XSS @ riches/WEB-INF/src/java/com/checkmarx/samples/riches/model/AccountService.java [master] #103

Closed kmcdon83 closed 5 years ago

kmcdon83 commented 5 years ago

CGI_Stored_XSS issue exists @ riches/WEB-INF/src/java/com/checkmarx/samples/riches/model/AccountService.java in branch master

Unvalidated DB output was found in line number 180 in riches\WEB-INF\src\java\com\checkmarx\samples\riches\model\AccountService.java file. A possible XSS exploitation was found in println at line number 180.

Severity: Medium
CWE: 79
Vulnerability details and guidance
Internal Guidance
Lines: 193 194 188 189

Code (Line #193):

            criteria = session.createCriteria(Account.class);

Code (Line #194):

            criteria.add(Expression.eq("acctno", to));

Code (Line #188):

            Criteria criteria = session.createCriteria(Account.class);

Code (Line #189):

            criteria.add(Expression.eq("acctno", from));

kmcdon83 commented 5 years ago

Issue still exists.