CX Stored_XSS @ riches/pages/FilesViewer.jsp [master]

**Stored_XSS** issue exists @ **riches/pages/FilesViewer.jsp** in branch **master**

*Method reader.readLine at line 13 of riches\pages\FilesViewer.jsp gets data from the database, for the readLine element. This element&#8217;s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method out.println at line 15 of riches\pages\FilesViewer.jsp. This may enable a Stored Cross-Site-Scripting attack.*

Severity: High

CWE:79

[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/79.html)

[Internal Guidance](https://checkmarx.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance)

[Checkmarx](https://ast.dev.checkmarx-ts.com/CxWebClient/ViewerMain.aspx?scanid=1000066&projectid=26&pathid=120)


Lines Marked Not Exploitable: [13](https://github.com/kmcdon83/Riches/blob/master/riches/pages/FilesViewer.jsp#L13) 

---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX Stored_XSS @ riches/pages/FilesViewer.jsp [master] #26

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX Stored_XSS @ riches/pages/FilesViewer.jsp [master] #26

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions