kartikdedhia / Riches


CX Reflected_XSS_All_Clients @ riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java [master] #19

Open kartikdedhia opened 5 years ago

kartikdedhia commented 5 years ago

Reflected_XSS_All_Clients issue exists @ riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java in branch master

Method AddAccount at line 102 of riches\WEB-INF\src\java\com\checkmarx\samples\riches\restful\AccountResources.java gets user input for the representation element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method AddAccount at line 102 of riches\WEB-INF\src\java\com\checkmarx\samples\riches\restful\AccountResources.java. This may enable a Cross-Site-Scripting attack.

Severity: High | CWE: 79 | Checkmarx Lines: 102, 124

Code (Line #102):

    public String AddAccount(String representation) {

Code (Line #124):

    public String WriteCheck(String representation) {

kartikdedhia commented 4 years ago

Issue still exists.

kartikdedhia commented 4 years ago

Issue still exists.

kartikdedhia commented 3 years ago

XSS

secure-code-warrior-for-github[bot] commented 3 years ago

Micro-Learning Topic: XSS (Detected by phrase)


Reflected cross-site scripting vulnerabilities occur when unescaped input is displayed in the resulting page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.

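As an added illustration of the finding above and of the bot's description of reflected XSS (this is not code from the Riches project or from the Checkmarx report), the reported pattern is shown beside a hardened version. The method names, the HTML response shape and the escaping helper are assumptions modelled on the AddAccount/WriteCheck signatures in the scanner snippet; the same fix applies to WriteCheck.

```java
// Added example, not Riches project code. Method names and response shape are
// assumptions modelled on AddAccount(String representation) from the report.
public class ReflectedXssDemo {

    // Vulnerable pattern as reported: the untrusted "representation" value is
    // concatenated into the response body unchanged, so a browser renders any
    // markup it contains as part of the page.
    static String addAccountUnsafe(String representation) {
        return "<p>Account created: " + representation + "</p>";
    }

    // Minimal HTML entity escaping for the HTML text-content context only.
    // For attribute, URL or JavaScript contexts a context-specific encoder
    // (for example the OWASP Java Encoder library) is the right tool.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hardened pattern: same response, but the reflected value is encoded for
    // the HTML text context at the point where it is written out.
    static String addAccountSafe(String representation) {
        return "<p>Account created: " + escapeHtml(representation) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample input carrying markup, of the kind a scanner test uses.
        String input = "<script>alert(1)</script>";
        System.out.println(addAccountUnsafe(input));
        System.out.println(addAccountSafe(input));
    }
}
```

Running the class prints the unsafe response with the markup intact and the safe response with the angle brackets turned into entities, which is the difference the Checkmarx data-flow check is looking for between source (line 102) and sink.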