smmclaughlin / CxFlowBodgeit

0 stars 0 forks source link

CX XSRF @ root/register.jsp [master] #19

Open smmclaughlin opened 3 years ago

smmclaughlin commented 3 years ago

XSRF issue exists @ root/register.jsp in branch master

Method = at line 7 of root\register.jsp gets a parameter from a user request from ""password1"". This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).

Severity: Medium

CWE:352

Checkmarx

Training Recommended Fix

Lines: 51 7 46


Code (Line #51):

                        basketId = cookie.getValue();

Code (Line #7):

String password1 = (String) request.getParameter("password1");

Code (Line #46):

            Cookie[] cookies = request.getCookies();

smmclaughlin commented 3 years ago

Issue still exists.