CX Reflected_XSS_All_Clients @ src/main/webapp/login.jsp [master]

**Reflected_XSS_All_Clients** issue exists @ **src/main/webapp/login.jsp** in branch **master**

*Method if at line 26 of src\main\webapp\login.jsp gets user input for the &quot;&quot;err&quot;&quot; element. This element&#8217;s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method if at line 26 of src\main\webapp\login.jsp. This may enable a Cross-Site-Scripting attack.*

Severity: High
CWE:79
[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/79.html)
[Internal Guidance](https://checkmarx.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance)
[Checkmarx](http://localhost:8100/CxWebClient/ViewerMain.aspx?scanid=1020234&projectid=20070&pathid=340)
Lines: [7](https://github.com/Custodela/JavaVulnerableLab/blob/master/src/main/webapp/login.jsp#L7) [26](https://github.com/Custodela/JavaVulnerableLab/blob/master/src/main/webapp/login.jsp#L26) 

---
[Code (Line #7):](https://github.com/Custodela/JavaVulnerableLab/blob/master/src/main/webapp/login.jsp#L7)
```
 Cookie[] cookies = request.getCookies();
```
---
[Code (Line #26):](https://github.com/Custodela/JavaVulnerableLab/blob/master/src/main/webapp/login.jsp#L26)
```
<tr><td></td><td class="fail"><% if(request.getParameter("err")!=null){out.print(request.getParameter("err"));} %></td></tr>
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX Reflected_XSS_All_Clients @ src/main/webapp/login.jsp [master] #48

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CX Reflected_XSS_All_Clients @ src/main/webapp/login.jsp [master] #48

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions