cx-justin-ruth / CxFlowGithub

Update about.jsp #15

Closed cx-justin-ruth closed 2 years ago

cx-justin-ruth commented 2 years ago

Scan submitted to Checkmarx

cx-justin-ruth commented 2 years ago

Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 395 vulnerabilities: High 81, Medium 90, Low 224, Info 0

Checkmarx Scan Summary

Severity Count
High 81
Medium 90
Low 224
Informational 0

Violation Summary

High 28, Low 149, Medium 42

View more details on Checkmarx UI

Cx-SAST Details

Lines Severity Category File Link
10 Medium XSRF root/password.jsp Checkmarx
7 46 51 Medium XSRF root/register.jsp Checkmarx
38 43 153 165 217 Medium XSRF root/basket.jsp Checkmarx
8 35 40 Medium XSRF root/login.jsp Checkmarx
217 Medium Unchecked_Input_for_Loop_Condition root/basket.jsp Checkmarx
8 Medium Trust_Boundary_Violation root/login.jsp Checkmarx
48 Medium Session_Fixation src/com/thebodgeitstore/search/AdvancedSearch.java Checkmarx
34 35 36 Medium Session_Fixation root/register.jsp Checkmarx
3 4 5 Medium Session_Fixation root/logout.jsp Checkmarx
22 23 24 Medium Session_Fixation root/login.jsp Checkmarx
1 Medium Missing_HSTS_Header root/about.jsp Checkmarx
1 Medium HttpOnlyCookies_In_Config root/WEB-INF/web.xml Checkmarx
1 Medium HttpOnlyCookies_In_Config build/WEB-INF/web.xml Checkmarx
10 Medium Hardcoded_password_in_Connection_String root/score.jsp Checkmarx
10 Medium Hardcoded_password_in_Connection_String root/basket.jsp Checkmarx
89 Medium Hardcoded_password_in_Connection_String root/header.jsp Checkmarx
10 Medium Hardcoded_password_in_Connection_String root/advanced.jsp Checkmarx
10 Medium Hardcoded_password_in_Connection_String root/password.jsp Checkmarx
10 Medium Hardcoded_password_in_Connection_String root/home.jsp Checkmarx
67 Medium Hardcoded_password_in_Connection_String root/init.jsp Checkmarx
10 Medium Hardcoded_password_in_Connection_String root/contact.jsp Checkmarx
10 Medium Hardcoded_password_in_Connection_String root/login.jsp Checkmarx
10 Medium Hardcoded_password_in_Connection_String root/admin.jsp Checkmarx
10 Medium Hardcoded_password_in_Connection_String root/product.jsp Checkmarx
10 Medium Hardcoded_password_in_Connection_String root/register.jsp Checkmarx
10 Medium Hardcoded_password_in_Connection_String root/search.jsp Checkmarx
10 Medium Hardcoded_password_in_Connection_String root/dbconnection.jspf Checkmarx
40 Medium Client_Potential_XSS root/js/advanced.js Checkmarx
8 12 20 30 41 49 Low Use_of_Non_Cryptographic_Random root/init.jsp Checkmarx
24 Low Use_of_Non_Cryptographic_Random root/home.jsp Checkmarx
54 Low Use_of_Non_Cryptographic_Random root/contact.jsp Checkmarx
93 95 188 201 202 Low Unsynchronized_Access_To_Shared_Data src/com/thebodgeitstore/search/AdvancedSearch.java Checkmarx
147 Low Uncontrolled_Memory_Allocation src/com/thebodgeitstore/search/AdvancedSearch.java Checkmarx
7 Low Suspected_XSS root/password.jsp Checkmarx
7 Low Suspected_XSS root/contact.jsp Checkmarx
14 Low Suspected_XSS root/header.jsp Checkmarx
15 Low Stored_Boundary_Violation root/login.jsp Checkmarx
56 Low Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute root/login.jsp Checkmarx
89 Low Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute root/basket.jsp Checkmarx
61 Low Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute root/register.jsp Checkmarx
35 Low Reliance_on_Cookies_in_a_Decision root/login.jsp Checkmarx
46 Low Reliance_on_Cookies_in_a_Decision root/register.jsp Checkmarx
38 Low Reliance_on_Cookies_in_a_Decision root/basket.jsp Checkmarx
1 Low Potential_Clickjacking_on_Legacy_Browsers root/advanced.jsp Checkmarx
83 Low Portability_Flaw_Locale_Dependent_Comparison root/login.jsp Checkmarx
13 Low Portability_Flaw_Locale_Dependent_Comparison root/search.jsp Checkmarx
39 Low Portability_Flaw_Locale_Dependent_Comparison root/register.jsp Checkmarx
26 Low Portability_Flaw_Locale_Dependent_Comparison src/com/thebodgeitstore/search/SearchResult.java Checkmarx
153 Low Portability_Flaw_Locale_Dependent_Comparison src/com/thebodgeitstore/search/AdvancedSearch.java Checkmarx
87 Low Plaintext_Storage_in_a_Cookie root/basket.jsp Checkmarx
96 105 Low Not_Using_a_Random_IV_with_CBC_Mode src/com/thebodgeitstore/util/AES.java Checkmarx
1 Low Missing_X_Frame_Options root/WEB-INF/web.xml Checkmarx
1 Low Missing_X_Frame_Options build/WEB-INF/web.xml Checkmarx
1 Low Missing_Content_Security_Policy root/about.jsp Checkmarx
35 Low Missing_CSP_Header root/js/advanced.js Checkmarx
45 58 Low Information_Leak_Through_Comments root/register.jsp Checkmarx
12 Low Information_Leak_Through_Comments root/advanced.jsp Checkmarx
26 Low Information_Leak_Through_Comments root/login.jsp Checkmarx
52 Low Information_Exposure_Through_an_Error_Message root/admin.jsp Checkmarx
96 Low Information_Exposure_Through_an_Error_Message root/header.jsp Checkmarx
60 Low Information_Exposure_Through_an_Error_Message root/login.jsp Checkmarx
72 Low Information_Exposure_Through_an_Error_Message root/contact.jsp Checkmarx
67 91 121 130 200 277 Low Information_Exposure_Through_an_Error_Message root/basket.jsp Checkmarx
39 Low Information_Exposure_Through_an_Error_Message root/home.jsp Checkmarx
55 Low Information_Exposure_Through_an_Error_Message root/search.jsp Checkmarx
64 75 Low Information_Exposure_Through_an_Error_Message root/register.jsp Checkmarx
95 Low Information_Exposure_Through_an_Error_Message root/product.jsp Checkmarx
35 Low Information_Exposure_Through_an_Error_Message root/score.jsp Checkmarx
8 Low Information_Exposure_Through_Query_String root/login.jsp Checkmarx
7 8 Low Information_Exposure_Through_Query_String root/register.jsp Checkmarx
10 11 Low Information_Exposure_Through_Query_String root/password.jsp Checkmarx
10 Low Improper_Resource_Shutdown_or_Release root/password.jsp Checkmarx
10 Low Improper_Resource_Shutdown_or_Release root/basket.jsp Checkmarx
10 Low Improper_Resource_Shutdown_or_Release root/advanced.jsp Checkmarx
10 Low Improper_Resource_Shutdown_or_Release root/login.jsp Checkmarx
10 Low Improper_Resource_Shutdown_or_Release root/home.jsp Checkmarx
10 Low Improper_Resource_Shutdown_or_Release root/search.jsp Checkmarx
10 Low Improper_Resource_Shutdown_or_Release root/score.jsp Checkmarx
10 Low Improper_Resource_Shutdown_or_Release root/product.jsp Checkmarx
10 Low Improper_Resource_Shutdown_or_Release root/dbconnection.jspf Checkmarx
10 Low Improper_Resource_Shutdown_or_Release root/admin.jsp Checkmarx
10 Low Improper_Resource_Shutdown_or_Release root/register.jsp Checkmarx
10 Low Improper_Resource_Shutdown_or_Release root/contact.jsp Checkmarx
91 Low Improper_Resource_Access_Authorization root/header.jsp Checkmarx
29 63 Low Improper_Resource_Access_Authorization root/contact.jsp Checkmarx
60 84 85 106 114 115 118 171 178 186 193 228 233 247 279 Low Improper_Resource_Access_Authorization root/basket.jsp Checkmarx
29 30 59 60 Low Improper_Resource_Access_Authorization root/register.jsp Checkmarx
34 57 Low Improper_Resource_Access_Authorization root/search.jsp Checkmarx
42 59 Low Improper_Resource_Access_Authorization root/product.jsp Checkmarx
15 28 30 32 51 54 62 86 Low Improper_Resource_Access_Authorization root/login.jsp Checkmarx
24 Low Improper_Resource_Access_Authorization root/password.jsp Checkmarx
14 25 Low Improper_Resource_Access_Authorization root/home.jsp Checkmarx
14 Low Improper_Resource_Access_Authorization root/score.jsp Checkmarx
186 Low Improper_Resource_Access_Authorization src/com/thebodgeitstore/search/AdvancedSearch.java Checkmarx
16 28 40 Low Improper_Resource_Access_Authorization root/admin.jsp Checkmarx
8 Low Heap_Inspection root/init.jsp Checkmarx
8 Low Heap_Inspection root/login.jsp Checkmarx
7 8 Low Heap_Inspection root/register.jsp Checkmarx
103 Low Heap_Inspection src/com/thebodgeitstore/util/AES.java Checkmarx
10 11 Low Heap_Inspection root/password.jsp Checkmarx
10 Low Empty_Password_In_Connection_String root/password.jsp Checkmarx
67 Low Empty_Password_In_Connection_String root/init.jsp Checkmarx
10 Low Empty_Password_In_Connection_String root/product.jsp Checkmarx
10 Low Empty_Password_In_Connection_String root/home.jsp Checkmarx
10 Low Empty_Password_In_Connection_String root/login.jsp Checkmarx
10 Low Empty_Password_In_Connection_String root/admin.jsp Checkmarx
10 Low Empty_Password_In_Connection_String root/basket.jsp Checkmarx
89 Low Empty_Password_In_Connection_String root/header.jsp Checkmarx
10 Low Empty_Password_In_Connection_String root/score.jsp Checkmarx
10 Low Empty_Password_In_Connection_String root/search.jsp Checkmarx
10 Low Empty_Password_In_Connection_String root/register.jsp Checkmarx
10 Low Empty_Password_In_Connection_String root/dbconnection.jspf Checkmarx
10 Low Empty_Password_In_Connection_String root/advanced.jsp Checkmarx
10 Low Empty_Password_In_Connection_String root/contact.jsp Checkmarx
19 20 22 Low Collapse_of_Data_into_Unsafe_Value root/contact.jsp Checkmarx
28 Low Client_JQuery_Deprecated_Symbols root/js/advanced.js Checkmarx
48 Low Client_DOM_Open_Redirect root/advanced.jsp Checkmarx
43 153 Low Blind_SQL_Injections root/basket.jsp Checkmarx
7 51 Low Blind_SQL_Injections root/register.jsp Checkmarx
8 40 Low Blind_SQL_Injections root/login.jsp Checkmarx
10 Low Blind_SQL_Injections root/password.jsp Checkmarx
15 High Stored_XSS root/login.jsp Checkmarx
247 High Stored_XSS root/basket.jsp Checkmarx
34 High Stored_XSS root/search.jsp Checkmarx
16 High Stored_XSS root/admin.jsp Checkmarx
42 59 High Stored_XSS root/product.jsp Checkmarx
14 High Stored_XSS root/score.jsp Checkmarx
63 High Stored_XSS root/contact.jsp Checkmarx
91 High Stored_XSS root/header.jsp Checkmarx
25 High Stored_XSS root/home.jsp Checkmarx
15 High Second_Order_SQL_Injection root/login.jsp Checkmarx
10 High SQL_Injection root/password.jsp Checkmarx
8 35 40 High SQL_Injection root/login.jsp Checkmarx
7 46 51 High SQL_Injection root/register.jsp Checkmarx
38 43 153 217 High SQL_Injection root/basket.jsp Checkmarx
38 High Reflected_XSS_All_Clients root/basket.jsp Checkmarx
35 High Reflected_XSS_All_Clients root/login.jsp Checkmarx
10 High Reflected_XSS_All_Clients root/search.jsp Checkmarx
46 High Reflected_XSS_All_Clients root/register.jsp Checkmarx
11 High Reflected_XSS_All_Clients root/contact.jsp Checkmarx
48 High Client_DOM_XSS root/advanced.jsp Checkmarx