wwesleyalves / bodgeit


CX Portability_Flaw_Locale_Dependent_Comparison @ root/search.jsp [main] #79

Closed wwesleyalves closed 1 year ago

wwesleyalves commented 1 year ago

Portability_Flaw_Locale_Dependent_Comparison issue exists @ root/search.jsp in branch main

The application handles input strings in a locale-unspecific manner. In particular, root\search.jsp's if calls toLowerCase at line 13 to manipulate the string. The resulting string is compared with indexOf by if, at root\search.jsp:13.

Similarity ID: -372724062

Severity: Low

CWE:474

Vulnerability details and guidance: Checkmarx | Training | Recommended Fix

Lines: 13


Code (Line #13):

if (query.replaceAll("\\s", "").toLowerCase().indexOf("<script>alert(\"xss\")</script>") >= 0) {