CX Stored_XSS @ src/main/webapp/vulnerability/sqli/download_id.jsp [master]

**Stored_XSS** issue exists @ **src/main/webapp/vulnerability/sqli/download_id.jsp** in branch **master**

*Method while at line 43 of src\main\webapp\vulnerability\sqli\download_id.jsp gets data from the database, for the byteBuffer element. This element&#8217;s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method outStream.write at line 45 of src\main\webapp\vulnerability\sqli\download_id.jsp. This may enable a Stored Cross-Site-Scripting attack.*

Severity: High
CWE:79
[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/79.html)
[Internal Guidance](https://checkmarx.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance)
[Checkmarx](http://localhost:8100/CxWebClient/ViewerMain.aspx?scanid=1020234&projectid=20070&pathid=622)
Lines: [43](https://github.com/Custodela/JavaVulnerableLab/blob/master/src/main/webapp/vulnerability/sqli/download_id.jsp#L43) 

---
[Code (Line #43):](https://github.com/Custodela/JavaVulnerableLab/blob/master/src/main/webapp/vulnerability/sqli/download_id.jsp#L43)
```
                while ((in != null) && ((length = in.read(byteBuffer)) != -1))
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX Stored_XSS @ src/main/webapp/vulnerability/sqli/download_id.jsp [master] #46

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CX Stored_XSS @ src/main/webapp/vulnerability/sqli/download_id.jsp [master] #46

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions