kartikdedhia / Riches


CX Reflected_XSS_All_Clients @ riches/login/error.jsp [master] #7

Open kartikdedhia opened 5 years ago

kartikdedhia commented 5 years ago

Reflected_XSS_All_Clients issue exists @ riches/login/error.jsp in branch master

Method <%=request.getParameter at line 11 of riches\login\error.jsp gets user input for the "j_username" element. This element's value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method <%=request.getParameter at line 11 of riches\login\error.jsp. This may enable a Cross-Site-Scripting attack.

Severity: High
CWE: 79
Checkmarx Lines: 11

Code (Line #11):

Bad credentials for : <%=request.getParameter("j_username")%><br>
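The flagged expression writes the raw `j_username` request parameter into the HTML body, so any markup in the parameter is rendered by the browser. The following is an added example, not code from the Riches project or from the issue author: it reproduces the behaviour of line 11 in plain Java, applies HTML entity encoding to the same value, and checks whether a `<script>` tag survives. The payload, the class name `ErrorPageEncoding` and the helper functions are assumptions made for this example; the hand-rolled encoder exists only so the example runs without dependencies. In the JSP itself the equivalent fix is `<c:out value="${param.j_username}"/>` (JSTL escapes XML by default) or `${fn:escapeXml(param.j_username)}`, or `Encode.forHtml(...)` from the OWASP Java Encoder.

```java
// Added example (not Riches project code): why the line flagged by Checkmarx
// is exploitable, and one output-encoding fix for it.
public class ErrorPageEncoding {

    // Constructed attacker input: a value an attacker could place in the
    // j_username parameter of a link to error.jsp. Assumption for this demo.
    static final String PAYLOAD = "\"><script>alert(document.cookie)</script>";

    // What riches/login/error.jsp line 11 does today:
    //   Bad credentials for : <%=request.getParameter("j_username")%><br>
    // The JSP expression concatenates the raw parameter into the HTML body.
    static String renderVulnerable(String jUsername) {
        return "Bad credentials for : " + jUsername + "<br>";
    }

    // Minimal HTML entity encoder for HTML *text content*. Encoding must match
    // the output context: this is correct for the body text in error.jsp, but a
    // value placed inside a JavaScript block or a URL needs a different encoder.
    // In a real JSP use JSTL <c:out> or the OWASP Java Encoder instead.
    static String encodeForHtml(String s) {
        if (s == null) {
            return ""; // <%= null %> would otherwise print the string "null"
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                case '/':  sb.append("&#x2F;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Hardened rendering: same message, parameter encoded before it hits HTML.
    static String renderFixed(String jUsername) {
        return "Bad credentials for : " + encodeForHtml(jUsername) + "<br>";
    }

    // Crude check for this demo only: is a live <script> tag still present?
    static boolean containsScriptTag(String html) {
        return html.toLowerCase().contains("<script");
    }

    public static void main(String[] args) {
        String vuln = renderVulnerable(PAYLOAD);
        String fixed = renderFixed(PAYLOAD);
        System.out.println("vulnerable: " + vuln);
        System.out.println("fixed     : " + fixed);
        System.out.println("script tag survives (vulnerable): " + containsScriptTag(vuln));
        System.out.println("script tag survives (fixed)     : " + containsScriptTag(fixed));
    }
}
```

Compile and run with `javac ErrorPageEncoding.java && java ErrorPageEncoding`. The vulnerable rendering returns the `<script>` element intact, while the fixed rendering emits `&lt;script&gt;...`, which the browser displays as text. Validating `j_username` against an allow-list on the way in is a useful extra layer, but output encoding at the point of rendering is the control that closes CWE-79 here.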

kartikdedhia commented 4 years ago

Issue still exists.

kartikdedhia commented 4 years ago

Issue still exists.