kmcdon83
commented
4 years ago Issue still exists.
Open kmcdon83 opened 4 years ago
kmcdon83
commented
4 years ago Issue still exists.
kmcdon83
commented
4 years ago Issue still exists.
kmcdon83
commented
4 years ago Issue still exists.
Reflected_XSS_All_Clients issue exists @ riches/login/error.jsp in branch master
Method <%=request.getParameter at line 11 of riches\login\error.jsp gets user input for the ""j_username"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method <%=request.getParameter at line 11 of riches\login\error.jsp. This may enable a Cross-Site-Scripting attack.
Severity: High
CWE:79
Vulnerability details and guidance
Internal Guidance
Checkmarx
Lines Marked Not Exploitable: 11