kmcdon83
commented
4 years ago Issue still exists.
Open kmcdon83 opened 4 years ago
kmcdon83
commented
4 years ago Issue still exists.
kmcdon83
commented
4 years ago Issue still exists.
kmcdon83
commented
4 years ago Issue still exists.
Reflected_XSS_All_Clients issue exists @ riches/pages/content/Security.jsp in branch master
Method url="<%=request.getParameter at line 6 of riches\pages\content\Security.jsp gets user input for the ""privacy_statement"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method url="<%=request.getParameter at line 6 of riches\pages\content\Security.jsp. This may enable a Cross-Site-Scripting attack.
Severity: High
CWE:79
Vulnerability details and guidance
Internal Guidance
Checkmarx
Lines Marked Not Exploitable: 6