tsunez / dvna

Damn Vulnerable NodeJS Application
MIT License

CX Frameable_Login_Page @ core/authhandler.js [master] #8

Open tsunez opened 3 years ago

tsunez commented 3 years ago

Frameable_Login_Page issue exists @ core/authhandler.js in branch master

The web-application does not properly utilize the "X-FRAME-OPTIONS" header to restrict embedding web-pages inside of a frame.

Severity: Medium

CWE:829

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 19 5 69 41 13


Code (Line #19):

module.exports.forgotPw = function (req, res) {

Code (Line #5):

module.exports.isAuthenticated = function (req, res, next) {

Code (Line #69):

module.exports.resetPwSubmit = function (req, res) {

Code (Line #41):

module.exports.resetPw = function (req, res) {

Code (Line #13):

module.exports.isNotAuthenticated = function (req, res, next) {

tsunez commented 3 years ago

Issue still exists.

SUMMARY

Issue has 5 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)
