Custodela / Riches


CX CGI_Stored_XSS @ riches/pages/FilesViewer.jsp [master] #108

Closed kmcdon83 closed 5 years ago

kmcdon83 commented 5 years ago

CGI_Stored_XSS issue exists @ riches/pages/FilesViewer.jsp in branch master

Unvalidated DB output was found in line number 13 in riches\pages\FilesViewer.jsp file. A possible XSS exploitation was found in println at line number 15.

Severity: Medium

CWE: 79

Vulnerability details and guidance

Internal Guidance

Lines: 13


Code (Line #13):

            line = reader.readLine();

kmcdon83 commented 5 years ago

Issue still exists.