Update Register.jsp #377

Open
kmcdon83 wants to merge 1 commit into master from kmcdon83-patch-121
kmcdon83 commented Apr 9, 2024

No description provided.

kmcdon83 commented Apr 9, 2024

Checkmarx One – Scan Summary & Details
0e91a2aa-a664-49ef-b086-e8232c85ce2d

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2010-1870 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2010-1870 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2012-0391 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2012-0391 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2012-0392 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2012-0838 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2012-0838 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2012-1592 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2013-1965 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2013-1965 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2013-2134 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2013-2135 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2013-2251 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2013-4316 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2014-0112 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2014-0112 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2014-0113 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2014-0114 Maven-commons-beanutils:commons-beanutils-1.7.0 Vulnerable Package
HIGH CVE-2015-1831 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2015-5209 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2015-5209 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2016-0785 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2016-0785 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-3081 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-3082 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-3090 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-4436 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-4461 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2016-4461 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2017-12611 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2017-5638 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2017-9787 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2018-1000632 Maven-dom4j:dom4j-1.4 Vulnerable Package
HIGH CVE-2018-11776 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2018-11776 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2019-0230 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2019-0233 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2020-10683 Maven-dom4j:dom4j-1.4 Vulnerable Package
HIGH CVE-2020-17530 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2023-41835 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2023-49735 Maven-org.apache.tiles:tiles-core-2.0.5 Vulnerable Package
HIGH CVE-2023-50164 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH Command_Injection /riches/pages/common/hidden_AdminControl.jsp: 74 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 60 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 60 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 60 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 60 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 52 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 52 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 52 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 52 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendNewsletter.java: 47 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendNewsletter.java: 47 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendNewsletter.java: 39 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendNewsletter.java: 39 Attack Vector
HIGH Cx78f40514-81ff Maven-commons-collections:commons-collections-2.1 Vulnerable Package
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java: 124 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java: 102 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java: 102 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java: 84 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java: 63 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java: 101 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/login/Register.jsp: 77 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java: 62 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/login/error.jsp: 11 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/pages/content/Security.jsp: 6 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/AccountDetails.java: 58 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/AccountDetails.java: 58 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/FindLocations.java: 50 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/FindLocations.java: 28 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/Messages.java: 20 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/FindLocations.java: 32 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/FindLocations.java: 32 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/FindLocations.java: 32 Attack Vector
HIGH Stored_XSS /riches/WEB-INF/src/java/com/checkmarx/samples/riches/model/TransactionService.java: 168 Attack Vector
HIGH Stored_XSS /riches/pages/FilesViewer.jsp: 13 Attack Vector
HIGH Stored_XSS /riches/pages/Backup.jsp: 11 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformTransfer.java: 30 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformChangePass.java: 39 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformCheck.java: 49 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformChangePass.java: 31 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformChangePass.java: 45 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformTransfer.java: 30 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformChangePass.java: 47 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformTransfer.java: 30 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformTransfer.java: 30 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformCheck.java: 49 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/DeleteMessage.java: 14 Attack Vector
MEDIUM CVE-2008-6504 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
MEDIUM CVE-2008-6505 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2008-6682 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2009-0781 Maven-tomcat:jasper-compiler-5.0.28 Vulnerable Package
MEDIUM CVE-2009-0781 Maven-tomcat:servlet-api-5.0.18 Vulnerable Package
MEDIUM CVE-2011-5057 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2012-0393 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2012-0394 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2012-1006 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
MEDIUM CVE-2012-1006 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2012-4386 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2012-4387 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
MEDIUM CVE-2013-2248 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2013-4310 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2014-0094 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2014-0116 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2014-7809 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2015-2992 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2015-5169 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2016-2162 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
MEDIUM CVE-2016-2162 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2016-3093 Maven-opensymphony:ognl-2.6.11 Vulnerable Package
MEDIUM CVE-2016-3093 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
MEDIUM CVE-2016-4003 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2023-34149 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2023-34396 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM HttpOnlyCookies /riches/login/logout.jsp: 5 Attack Vector
MEDIUM Improper_Restriction_of_XXE_Ref /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java: 124 Attack Vector
MEDIUM Improper_Restriction_of_XXE_Ref /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java: 102 Attack Vector
MEDIUM Improper_Restriction_of_XXE_Ref /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java: 84 Attack Vector
MEDIUM Improper_Restriction_of_XXE_Ref /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java: 63 Attack Vector
MEDIUM Missing_HSTS_Header /riches/login/error-redir.jsp: 1 Attack Vector
MEDIUM Parameter_Tampering /riches/WEB-INF/src/java/com/checkmarx/samples/riches/FindLocations.java: 50 Attack Vector
MEDIUM Parameter_Tampering /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/AdminUtil.java: 132 Attack Vector
MEDIUM Privacy_Violation

More results are available on AST platform
