satyamchaurasiapersistent / JavaVulnerableLab


CX XSRF @ src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java [master] #91

Closed satyamchaurasiapersistent closed 2 years ago

satyamchaurasiapersistent commented 2 years ago

XSRF issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java in branch master

Method processRequest at line 42 of src\main\java\org\cysecurity\cspf\jvl\controller\SendMessage.java gets a parameter from a user request from "recipient". This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).

Severity: Medium

CWE:352

Vulnerability details and guidance: Checkmarx Training, Recommended Fix

Lines: 42 43 44 45

Code (Lines #42-45):

    String recipient=request.getParameter("recipient");
    String subject=request.getParameter("subject");
    String msg=request.getParameter("msg");
    String sender=request.getParameter("sender");
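The scanner's point is that a POST to SendMessage with the four parameters above changes application state (a message is sent) on the strength of the browser's cookie alone, so any third-party page can submit that form on a logged-in user's behalf. The example below is added for this page and is not code from the JavaVulnerableLab project or from the issue author; it shows the synchronizer-token fix that CWE-352 guidance points to, applied to a servlet with the same four parameters. The class name SendMessageProtected, the csrf_token session attribute and form field, the Origin check and the OUTBOX store are assumptions made for the example.

```java
// Added example for this page: a CSRF-hardened "send message" servlet.
// Not the project's SendMessage.java. Names other than the four request
// parameters (recipient, subject, msg, sender) are assumptions.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Queue;
import java.util.concurrent.ConcurrentLinkedQueue;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SendMessageProtected extends HttpServlet {
    private static final String TOKEN_ATTR = "csrf_token";   // session attribute holding the token (assumed name)
    private static final String TOKEN_PARAM = "csrf_token";  // hidden form field carrying it back (assumed name)
    private static final SecureRandom RNG = new SecureRandom();
    // Stand-in for the real message store (assumption): sender, recipient, subject, msg.
    static final Queue<String[]> OUTBOX = new ConcurrentLinkedQueue<>();

    // One unpredictable token per session, created on first use and reused afterwards.
    static String tokenFor(HttpSession session) {
        synchronized (session) {
            String t = (String) session.getAttribute(TOKEN_ATTR);
            if (t == null) {
                byte[] raw = new byte[32];
                RNG.nextBytes(raw);
                t = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
                session.setAttribute(TOKEN_ATTR, t);
            }
            return t;
        }
    }

    // Constant-time comparison so response timing cannot leak the token.
    static boolean tokenMatches(String expected, String submitted) {
        if (expected == null || submitted == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    // GET only renders the form. It never sends a message, so an <img> or link cannot trigger the action.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String token = tokenFor(req.getSession(true));
        resp.setContentType("text/html;charset=UTF-8");
        resp.getWriter().print(
              "<form method=\"post\" action=\"SendMessage\">"
            + "<input type=\"hidden\" name=\"" + TOKEN_PARAM + "\" value=\"" + token + "\">"
            + "<input name=\"sender\"><input name=\"recipient\"><input name=\"subject\">"
            + "<textarea name=\"msg\"></textarea><button>Send</button></form>");
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession(false);
        if (session == null) { resp.sendError(HttpServletResponse.SC_FORBIDDEN); return; }

        // 1. Synchronizer token: a cross-site page cannot read our form, so it cannot supply this value.
        String expected = (String) session.getAttribute(TOKEN_ATTR);
        if (!tokenMatches(expected, req.getParameter(TOKEN_PARAM))) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "CSRF token missing or invalid");
            return;
        }
        // 2. Defence in depth: browsers attach Origin to cross-site POSTs; reject one that is not ours.
        String origin = req.getHeader("Origin");
        int port = req.getServerPort();
        String self = req.getScheme() + "://" + req.getServerName()
                    + ((port == 80 || port == 443) ? "" : ":" + port);
        if (origin != null && !origin.equalsIgnoreCase(self)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "cross-origin request rejected");
            return;
        }

        // Only after both checks pass are the parameters the scanner flagged read and acted on.
        String recipient = req.getParameter("recipient");
        String subject = req.getParameter("subject");
        String msg = req.getParameter("msg");
        String sender = req.getParameter("sender");
        OUTBOX.add(new String[] { sender, recipient, subject, msg });
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

The token lives in the server-side session and is echoed only into pages this origin renders; a forged cross-site form can carry the victim's cookies but not the token, so the POST is rejected before any of the four parameters is read. Moving the state change out of GET matters as well: the original processRequest style handler serves both methods, which is exactly what makes a CSRF trigger as cheap as an image tag.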

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.