CxTyler / JavaVulnerableLab

lab
GNU General Public License v2.0

Update ForgotPassword.jsp #29

Open CxTyler opened 3 years ago

CxTyler commented 3 years ago

Fixed label and resolved bugs #78 and #29

CxTyler commented 3 years ago

Scan submitted to Checkmarx

CxTyler commented 3 years ago

Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 805 vulnerabilities

| Severity | Count |
| --- | --- |
| High | 274 |
| Medium | 83 |
| Low | 440 |
| Informational | 8 |

Violation Summary

| Severity | Count |
| --- | --- |
| High | 64 |

Cx-SAST Details

| Lines | Severity | Category | File |
| --- | --- | --- | --- |
| 35, 36 | High | XPath_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java |
| 42 | High | Stored_XSS | src/main/webapp/ForgotPassword.jsp |
| 43 | High | Stored_XSS | src/main/webapp/vulnerability/sqli/download_id_union.jsp |
| 52 | High | Stored_XSS | src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java |
| 19 | High | Stored_XSS | src/main/webapp/vulnerability/securitymisconfig/pages.jsp |
| 21, 29 | High | Stored_XSS | src/main/webapp/myprofile.jsp |
| 19 | High | Stored_XSS | src/main/webapp/admin/adminlogin.jsp |
| 24 | High | Stored_XSS | src/main/webapp/vulnerability/idor/download.jsp |
| 14 | High | Stored_XSS | src/main/webapp/vulnerability/Messages.jsp |
| 13 | High | Stored_XSS | src/main/webapp/vulnerability/UserDetails.jsp |
| 16 | High | Stored_XSS | src/main/webapp/vulnerability/DisplayMessage.jsp |
| 60 | High | Stored_XSS | src/main/webapp/vulnerability/forum.jsp |
| 43 | High | Stored_XSS | src/main/webapp/vulnerability/sqli/download_id.jsp |
| 19 | High | Stored_XSS | src/main/webapp/admin/manageusers.jsp |
| 14 | High | Stored_XSS | src/main/webapp/vulnerability/forumposts.jsp |
| 12 | High | Stored_XSS | src/main/webapp/vulnerability/Injection/orm.jsp |
| 12 | High | Stored_XSS | src/main/webapp/vulnerability/forumUsersList.jsp |
| 19 | High | Second_Order_SQL_Injection | src/main/webapp/admin/adminlogin.jsp |
| 52 | High | Second_Order_SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java |
| 44 | High | SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java |
| 13 | High | SQL_Injection | src/main/webapp/admin/manageusers.jsp |
| 37, 38, 39 | High | SQL_Injection | src/main/webapp/changeCardDetails.jsp |
| 26 | High | SQL_Injection | src/main/webapp/vulnerability/csrf/change-info.jsp |
| 43, 44 | High | SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java |
| 43, 44, 45, 46, 47 | High | SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/Register.java |
| 33 | High | SQL_Injection | src/main/webapp/vulnerability/csrf/changepassword.jsp |
| 16 | High | SQL_Injection | src/main/webapp/vulnerability/DisplayMessage.jsp |
| 50 | High | SQL_Injection | src/main/webapp/vulnerability/Injection/orm.jsp |
| 41, 42, 43 | High | SQL_Injection | src/main/webapp/vulnerability/forum.jsp |
| 27, 28 | High | SQL_Injection | src/main/webapp/vulnerability/idor/change-email.jsp |
| 43 | High | SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java |
| 8 | High | SQL_Injection | src/main/webapp/vulnerability/UserDetails.jsp |
| 9 | High | SQL_Injection | src/main/webapp/vulnerability/forumposts.jsp |
| 18 | High | SQL_Injection | src/main/webapp/vulnerability/sqli/download_id.jsp |
| 16 | High | SQL_Injection | src/main/webapp/myprofile.jsp |
| 11 | High | SQL_Injection | src/main/webapp/admin/adminlogin.jsp |
| 18 | High | SQL_Injection | src/main/webapp/vulnerability/sqli/download_id_union.jsp |
| 35, 36 | High | SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java |
| 42 | High | SQL_Injection | src/main/webapp/ForgotPassword.jsp |
| 16 | High | Reflected_XSS_All_Clients | src/main/webapp/vulnerability/xss/search.jsp |
| 14 | High | Reflected_XSS_All_Clients | src/main/webapp/vulnerability/Injection/xslt.jsp |
| 8 | High | Reflected_XSS_All_Clients | src/main/webapp/vulnerability/UserDetails.jsp |
| 2 | High | Reflected_XSS_All_Clients | src/main/webapp/vulnerability/xss/xss4.jsp |
| 58 | High | Reflected_XSS_All_Clients | src/main/webapp/admin/adminlogin.jsp |
| 39 | High | Reflected_XSS_All_Clients | src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java |
| 9 | High | Reflected_XSS_All_Clients | src/main/webapp/vulnerability/Injection/xpath_login.jsp |
| 44 | High | Reflected_XSS_All_Clients | src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java |
| 7, 26 | High | Reflected_XSS_All_Clients | src/main/webapp/login.jsp |
| 11, 18 | High | Reflected_XSS_All_Clients | src/main/webapp/vulnerability/SendMessage.jsp |

Checkmarx SCA - Scan Summary & Details

Cx-SCA Summary

Total Packages Identified: 23
Scan Risk Score: 9.80

| Severity | Vulnerabilities |
| --- | --- |
| High | 23 |
| Medium | 11 |
| Low | 1 |

Cx-SCA vulnerability result overview

| Vulnerability ID | Package | Severity | CVSS score | Publish date | Current version | Recommended version | NVD reference |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2015-7501 | commons-collections:commons-collections | HIGH | 9.8 | 2017-11-09T17:29:00 | 3.2.1 | | CVE-2015-7501 |
| CVE-2020-10683 | dom4j:dom4j | HIGH | 9.8 | 2020-05-01T19:15:00 | 1.6.1 | | CVE-2020-10683 |
| CVE-2019-10212 | io.undertow:undertow-core | HIGH | 9.8 | 2019-10-02T19:15:00 | 2.0.9.Final | | CVE-2019-10212 |
| CVE-2019-3888 | io.undertow:undertow-core | HIGH | 9.8 | 2019-06-12T14:29:00 | 2.0.9.Final | | CVE-2019-3888 |
| CVE-2020-1938 | org.apache.tomcat:tomcat-coyote | HIGH | 9.8 | 2020-02-24T22:15:00 | 9.0.22 | | CVE-2020-1938 |
| CVE-2015-2575 | mysql:mysql-connector-java | HIGH | 9.1 | 2014-12-06T00:00:00 | 5.1.26 | | CVE-2015-2575 |
| CVE-2018-3258 | mysql:mysql-connector-java | HIGH | 8.8 | 2018-10-17T01:31:00 | 5.1.26 | | CVE-2018-3258 |
| CVE-2017-3523 | mysql:mysql-connector-java | HIGH | 8.5 | 2017-04-24T19:59:00 | 5.1.26 | | CVE-2017-3523 |
| CVE-2020-1757 | io.undertow:undertow-core | HIGH | 8.1 | 2020-04-21T17:15:00 | 2.0.9.Final | | CVE-2020-1757 |
| Cx78f40514-81ff | commons-collections:commons-collections | HIGH | 7.5 | 2018-10-31T10:39:00 | 3.2.1 | | N/A |
| CVE-2015-6420 | commons-collections:commons-collections | HIGH | 7.5 | 2015-12-15T05:59:00 | 3.2.1 | | CVE-2015-6420 |
| CVE-2018-1000632 | dom4j:dom4j | HIGH | 7.5 | 2018-08-20T19:31:00 | 1.6.1 | | CVE-2018-1000632 |
| CVE-2020-10705 | io.undertow:undertow-core | HIGH | 7.5 | 2020-06-10T20:15:00 | 2.0.9.Final | | CVE-2020-10705 |
| CVE-2020-1745 | io.undertow:undertow-core | HIGH | 7.5 | 2020-04-28T15:15:00 | 2.0.9.Final | | CVE-2020-1745 |
| Cx039cb67c-ead3 | mysql:mysql-connector-java | HIGH | 7.5 | 2015-08-16T23:00:00 | 5.1.26 | | N/A |
| Cx6f651376-312a | mysql:mysql-connector-java | HIGH | 7.5 | 2017-08-14T23:00:00 | 5.1.26 | | N/A |
| Cx7ef609d2-efb5 | mysql:mysql-connector-java | HIGH | 7.5 | 2010-08-01T23:00:00 | 5.1.26 | | N/A |
| CVE-2020-11996 | org.apache.tomcat:tomcat-coyote | HIGH | 7.5 | 2020-06-26T17:15:00 | 9.0.22 | | CVE-2020-11996 |
| CVE-2020-13934 | org.apache.tomcat:tomcat-coyote | HIGH | 7.5 | 2020-07-14T15:15:00 | 9.0.22 | | CVE-2020-13934 |
| Cx08fcacc9-cb99 | org.json:json | HIGH | 7.5 | 2017-10-30T11:27:00 | 20131018 | | N/A |
| Cx2906ba70-607a | org.json:json | HIGH | 7.5 | 2017-08-18T09:31:00 | 20131018 | | N/A |
| Cxdb5a1032-eda2 | org.json:json | HIGH | 7.5 | 2019-09-17T10:37:00 | 20131018 | | N/A |
| CVE-2020-25638 | org.hibernate:hibernate-core | HIGH | 7.4 | 2020-09-22T16:32:00 | 4.0.1.Final | | CVE-2020-25638 |
| CVE-2020-10719 | io.undertow:undertow-core | MEDIUM | 6.5 | 2020-05-26T16:15:00 | 2.0.9.Final | | CVE-2020-10719 |
| CVE-2020-10687 | io.undertow:undertow-core | MEDIUM | 6.5 | 2020-09-23T13:15:00 | 2.0.9.Final | | CVE-2020-10687 |
| CVE-2019-14900 | org.hibernate:hibernate-core | MEDIUM | 6.5 | 2019-01-15T00:00:00 | 4.0.1.Final | | CVE-2019-14900 |
| CVE-2017-3586 | mysql:mysql-connector-java | MEDIUM | 6.4 | 2017-04-24T19:59:00 | 5.1.26 | | CVE-2017-3586 |
| CVE-2019-2692 | mysql:mysql-connector-java | MEDIUM | 6.3 | 2019-04-23T19:32:00 | 5.1.26 | | CVE-2019-2692 |
| CVE-2020-2934 | mysql:mysql-connector-java | MEDIUM | 5.0 | 2020-04-15T14:15:00 | 5.1.26 | | CVE-2020-2934 |
| CVE-2019-17569 | org.apache.tomcat:tomcat-coyote | MEDIUM | 4.8 | 2020-02-24T22:15:00 | 9.0.22 | | CVE-2019-17569 |
| CVE-2020-1935 | org.apache.tomcat:tomcat-coyote | MEDIUM | 4.8 | 2020-02-24T22:15:00 | 9.0.22 | | CVE-2020-1935 |
| CVE-2020-2875 | mysql:mysql-connector-java | MEDIUM | 4.7 | 2020-04-15T14:15:00 | 5.1.26 | | CVE-2020-2875 |
| CVE-2020-13943 | org.apache.tomcat:tomcat-coyote | MEDIUM | 4.3 | 2020-10-12T14:15:00 | 9.0.22 | | CVE-2020-13943 |
| CVE-2017-3589 | mysql:mysql-connector-java | MEDIUM | 3.3 | 2017-04-24T19:59:00 | 5.1.26 | | CVE-2017-3589 |
| CVE-2020-2933 | mysql:mysql-connector-java | LOW | 2.2 | 2020-04-15T14:15:00 | 5.1.26 | | CVE-2020-2933 |