Custodela / Riches

0 stars 3 forks source link

CX CGI_Reflected_XSS_All_Clients @ riches/pages/content/oper/Newsletter.jsp [master] #107

Closed kmcdon83 closed 5 years ago

kmcdon83 commented 5 years ago

CGI_Reflected_XSS_All_Clients issue exists @ riches/pages/content/oper/Newsletter.jsp in branch master

Unvalidated input was found in line number 18 in riches\pages\content\oper\Newsletter.jsp file. A possible XSS exploitation was found in println at line number 53.

Severity: Medium CWE:79 Vulnerability details and guidance Internal Guidance Lines: 18 25


Code (Line #18):

                            <table cellpadding="0" cellspacing="0"><tr ><td style="border:0px" width="50px"><strong>Subject:</strong></td><td style="border:0px"><s:textfield label="Subject" name="subject" size="50"/></td></tr></table>

Code (Line #25):

                                        <td colspan="2" align="left"><s:textarea label="Body" name="body" cols="114" rows="12"/></td>

kmcdon83 commented 5 years ago

Issue still exists.