Custodela / Riches


CX CGI_Reflected_XSS_All_Clients @ riches/pages/content/oper/Admin.jsp [master] #121

Closed kmcdon83 closed 5 years ago

kmcdon83 commented 5 years ago

CGI_Reflected_XSS_All_Clients issue exists @ riches/pages/content/oper/Admin.jsp in branch master

Unvalidated input was found in line number 30 in riches\pages\content\oper\Admin.jsp file. A possible XSS exploitation was found in println at line number 66.

Severity: Medium

CWE: 79

Vulnerability details and guidance

Internal Guidance

Lines: 23, 30


Code (Line #23):

                            <table cellpadding="0" cellspacing="0"><tr ><td style="border:0px" width="50px"><strong>Subject:</strong></td><td style="border:0px"><s:textfield label="Subject" name="subject" size="50"/></td></tr></table>

Code (Line #30):

                                        <td colspan="2" align="left"><s:textarea label="Body" name="body" cols="114" rows="12"/></td>

kmcdon83 commented 5 years ago

Issue still exists.