
Stored_XSS @ /LoginValidator.java #276

@cx-boris-goman


Checkmarx (SAST): Stored_XSS
Security Issue: Read More about Stored_XSS
Checkmarx Project: cx-boris-goman/borJavaVul
Repository URL: https://github.com/cx-boris-goman/borJavaVul
Branch: main
Scan ID: df63710a-c9c2-4406-9ad7-319bd05458a4


The method header embeds untrusted data in generated output with print, at line 87 of /src/main/webapp/header.jsp. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page.

The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the processRequest method with rs, at line 18 of /LoginValidator.java. This untrusted data then flows through the code straight to the output web page, without sanitization. 

This can enable a Stored Cross-Site Scripting (XSS) attack.

Result 1:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. rs: /LoginValidator.java[18,36]
    2. rs: /LoginValidator.java[19,53]
    3. rs: /LoginValidator.java[22,67]
    4. getString: /LoginValidator.java[22,79]
    5. getAttribute: /src/main/webapp/header.jsp[87,158]
    6. print: /src/main/webapp/header.jsp[87,137]
    Review result in Checkmarx One: Stored_XSS

Result 2:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. rs: /LoginValidator.java[18,36]
    2. rs: /LoginValidator.java[19,53]
    3. rs: /LoginValidator.java[22,67]
    4. getString: /LoginValidator.java[22,79]
    5. getAttribute: /src/main/webapp/vulnerability/idor/change-email.jsp[19,86]
    6. print: /src/main/webapp/vulnerability/idor/change-email.jsp[19,65]
    Review result in Checkmarx One: Stored_XSS

Result 3:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. rs: /LoginValidator.java[18,36]
    2. rs: /LoginValidator.java[19,53]
    3. rs: /LoginValidator.java[22,67]
    4. getString: /LoginValidator.java[22,79]
    5. getAttribute: /src/main/webapp/vulnerability/Messages.jsp[24,84]
    6. print: /src/main/webapp/vulnerability/Messages.jsp[24,15]
    Review result in Checkmarx One: Stored_XSS

Result 4:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. rs: /LoginValidator.java[18,36]
    2. rs: /LoginValidator.java[19,53]
    3. rs: /LoginValidator.java[22,67]
    4. getString: /LoginValidator.java[22,79]
    5. getAttribute: /src/main/webapp/vulnerability/DisplayMessage.jsp[35,93]
    6. print: /src/main/webapp/vulnerability/DisplayMessage.jsp[35,24]
    Review result in Checkmarx One: Stored_XSS

Result 5:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. rs: /LoginValidator.java[18,36]
    2. rs: /LoginValidator.java[19,53]
    3. rs: /LoginValidator.java[22,67]
    4. getString: /LoginValidator.java[22,79]
    5. getAttribute: /src/main/webapp/changeCardDetails.jsp[29,34]
    6. toString: /src/main/webapp/changeCardDetails.jsp[29,53]
    7. id: /src/main/webapp/changeCardDetails.jsp[29,11]
    8. id: /src/main/webapp/changeCardDetails.jsp[52,64]
    9. print: /src/main/webapp/changeCardDetails.jsp[52,15]
    Review result in Checkmarx One: Stored_XSS

Result 6:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. rs: /LoginValidator.java[18,36]
    2. rs: /LoginValidator.java[19,53]
    3. rs: /LoginValidator.java[22,67]
    4. getString: /LoginValidator.java[22,79]
    5. getAttribute: /src/main/webapp/vulnerability/csrf/change-info.jsp[27,34]
    6. toString: /src/main/webapp/vulnerability/csrf/change-info.jsp[27,53]
    7. id: /src/main/webapp/vulnerability/csrf/change-info.jsp[27,11]
    8. id: /src/main/webapp/vulnerability/csrf/change-info.jsp[35,63]
    9. print: /src/main/webapp/vulnerability/csrf/change-info.jsp[35,14]
    Review result in Checkmarx One: Stored_XSS

Result 7:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. rs: /LoginValidator.java[18,36]
    2. rs: /LoginValidator.java[19,53]
    3. rs: /LoginValidator.java[22,67]
    4. rs: /LoginValidator.java[23,65]
    5. getString: /LoginValidator.java[23,77]
    6. getAttribute: /src/main/webapp/vulnerability/forum.jsp[32,132]
    7. print: /src/main/webapp/vulnerability/forum.jsp[32,111]
    Review result in Checkmarx One: Stored_XSS

Result 8:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. rs: /LoginValidator.java[18,36]
    2. rs: /LoginValidator.java[19,53]
    3. rs: /LoginValidator.java[22,67]
    4. rs: /LoginValidator.java[23,65]
    5. getString: /LoginValidator.java[23,77]
    6. getAttribute: /src/main/webapp/vulnerability/forum.jsp[24,59]
    7. print: /src/main/webapp/vulnerability/forum.jsp[24,29]
    Review result in Checkmarx One: Stored_XSS

Result 9:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. rs: /LoginValidator.java[18,36]
    2. rs: /LoginValidator.java[19,53]
    3. rs: /LoginValidator.java[22,67]
    4. rs: /LoginValidator.java[23,65]
    5. getString: /LoginValidator.java[23,77]
    6. getAttribute: /src/main/webapp/index.jsp[5,44]
    7. print: /src/main/webapp/index.jsp[5,14]
    Review result in Checkmarx One: Stored_XSS

Result 10:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. rs: /LoginValidator.java[18,36]
    2. rs: /LoginValidator.java[19,53]
    3. rs: /LoginValidator.java[22,67]
    4. rs: /LoginValidator.java[23,65]
    5. getString: /LoginValidator.java[23,77]
    6. getAttribute: /src/main/webapp/vulnerability/SendMessage.jsp[21,73]
    Review result in Checkmarx One: Stored_XSS

Result 11:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. rs: /LoginValidator.java[18,36]
    2. rs: /LoginValidator.java[19,53]
    3. rs: /LoginValidator.java[22,67]
    4. getString: /LoginValidator.java[22,79]
    5. getAttribute: /src/main/webapp/header.jsp[148,109]
    6. print: /src/main/webapp/header.jsp[148,46]
    Review result in Checkmarx One: Stored_XSS

Result 12:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. rs: /LoginValidator.java[18,36]
    2. rs: /LoginValidator.java[19,53]
    3. rs: /LoginValidator.java[22,67]
    4. getString: /LoginValidator.java[22,79]
    5. getAttribute: /src/main/webapp/vulnerability/idor/change-email.jsp[36,83]
    6. print: /src/main/webapp/vulnerability/idor/change-email.jsp[36,14]
    Review result in Checkmarx One: Stored_XSS
