Custodela / Riches


CX CGI_Reflected_XSS_All_Clients @ riches/pages/common/hidden_AdminControl.jsp [master] #85

Closed kmcdon83 closed 5 years ago

kmcdon83 commented 5 years ago

CGI_Reflected_XSS_All_Clients issue exists @ riches/pages/common/hidden_AdminControl.jsp in branch master

Unvalidated input was found in line number 24 in riches\pages\common\hidden_AdminControl.jsp file. A possible XSS exploitation was found in println at line number 30.

Severity: Medium

CWE: 79

Vulnerability details and guidance

Internal Guidance

Lines: 18 24


Code (Line #18):

<% String alertMessage = request.getParameter("message");

Code (Line #24):

       String specifiedUsers = request.getParameter("users");

kmcdon83 commented 5 years ago

Issue still exists.

kmcdon83 commented 5 years ago

Issue still exists.