CX Frameable_Login_Page @ core/apphandler.js [master]

[tsunez]

Frameable_Login_Page issue exists @ core/apphandler.js in branch master

The web-application does not properly utilize the "X-FRAME-OPTIONS" header to restrict embedding web-pages inside of a frame.

Severity: Medium

CWE:829

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 194 38 103 136 9 233 76 206 47 144 215 58 186

---

Code (Line #194):

module.exports.calc = function (req, res) {

---

Code (Line #38):

module.exports.ping = function (req, res) {

---

Code (Line #103):

module.exports.modifyProductSubmit = function (req, res) {

---

Code (Line #136):

module.exports.userEdit = function (req, res) {

---

Code (Line #9):

module.exports.userSearch = function (req, res) {

---

Code (Line #233):

module.exports.bulkProducts =  function(req, res) {

---

Code (Line #76):

module.exports.modifyProduct = function (req, res) {

---

Code (Line #206):

module.exports.listUsersAPI = function (req, res) {

---

Code (Line #47):

module.exports.listProducts = function (req, res) {

---

Code (Line #144):

module.exports.userEditSubmit = function (req, res) {

---

Code (Line #215):

module.exports.bulkProductsLegacy = function (req,res){

---

Code (Line #58):

module.exports.productSearch = function (req, res) {

---

Code (Line #186):

module.exports.redirect = function (req, res) {

---

[tsunez]

Issue still exists.

SUMMARY

Issue has 13 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)