CX Reflected_XSS_All_Clients @ BookDetail_jsp.java [master]

**Reflected_XSS_All_Clients** issue exists @ **BookDetail_jsp.java** in branch **master**

*Method getParam at line 168 of BookDetail_jsp.java gets user input for the paramName element. This element&#8217;s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method Detail_Show at line 502 of BookDetail_jsp.java. This may enable a Cross-Site-Scripting attack.*

Severity: High
CWE:79
[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/79.html)
[Checkmarx](http://2016CITEMPLATE/CxWebClient/ViewerMain.aspx?scanid=1000096&projectid=53&pathid=20)
Lines: [169](https://github.com/ghannamz/test/blob/master/BookDetail_jsp.java#L169) 

---
[Code (Line #169):](https://github.com/ghannamz/test/blob/master/BookDetail_jsp.java#L169)
```
    String param = req.getParameter(paramName);
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX Reflected_XSS_All_Clients @ BookDetail_jsp.java [master] #44

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX Reflected_XSS_All_Clients @ BookDetail_jsp.java [master] #44

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions