Title: Stored_XSS @ adminlogin.jsp · Issue #101 · mridilla/JavaVulnerableLab · GitHub
Open Graph Title: Stored_XSS @ adminlogin.jsp · Issue #101 · mridilla/JavaVulnerableLab
X Title: Stored_XSS @ adminlogin.jsp · Issue #101 · mridilla/JavaVulnerableLab
Description: Stored_XSS issue exists @ adminlogin.jsp in branch master The application's changeCardDetails embeds untrusted data in the generated output with print, at line 52 of /src/main/webapp/changeCardDetails.jsp. This untrusted data is embedded...
Open Graph Description: Stored_XSS issue exists @ adminlogin.jsp in branch master The application's changeCardDetails embeds untrusted data in the generated output with print, at line 52 of /src/main/webapp/changeCardDeta...
X Description: Stored_XSS issue exists @ adminlogin.jsp in branch master The application's changeCardDetails embeds untrusted data in the generated output with print, at line 52 of /src/main/webapp/changeCard...
Opengraph URL: https://github.com/mridilla/JavaVulnerableLab/issues/101
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Stored_XSS @ adminlogin.jsp","articleBody":"**Stored\\_XSS** issue exists @ **adminlogin\\.jsp** in branch **master**\r\n\r\nThe application's changeCardDetails embeds untrusted data in the generated output with print, at line 52 of /src/main/webapp/changeCardDetails.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.\n\nThe attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the adminlogin method with rs, at line 19 of /src/main/webapp/admin/adminlogin.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization. \r\n\r\nThis can enable a Stored Cross-Site Scripting (XSS) attack.\r\n\r\n**Namespace:** mridilla\r\n**Repository:** JavaVulnerableLab\r\n**Repository Url:** https://github.com/mridilla/JavaVulnerableLab\r\n**CxAST\\-Project:** mridilla/JavaVulnerableLab\r\n**CxAST platform scan:** [e1fc43b6\\-0e4d\\-4a93\\-8009\\-8fe24d4a9091](https://ast.checkmarx.net/projects/188bd83b-3bc2-4f79-9ccc-90f764c20505/scans?id=e1fc43b6-0e4d-4a93-8009-8fe24d4a9091\u0026branch=master)\r\n**Branch:** master\r\n**Application:** JavaVulnerableLab\r\n**Severity:** HIGH\r\n**State:** TO_VERIFY\r\n**Status:** RECURRENT\r\n**CWE:** 79\r\n**Lines:** [19](https://github.com/mridilla/JavaVulnerableLab/blob/master/src/main/webapp/admin/adminlogin.jsp#L19) \r\n\r\n----\r\n**References**\r\n[Read more](https://ast.checkmarx.net/results/e1fc43b6-0e4d-4a93-8009-8fe24d4a9091/188bd83b-3bc2-4f79-9ccc-90f764c20505/sast/description/79/13625251660291496964)\r\n","author":{"url":"https://github.com/mridilla","@type":"Person","name":"mridilla"},"datePublished":"2022-07-01T14:26:26.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/101/JavaVulnerableLab/issues/101"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:ad112115-f649-473f-18d1-337992756d7d |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | 98C2:276126:2618D9:31B3AF:6A5B1C85 |
| html-safe-nonce | d8675f787b2735959d0a24fe314ba98013b036cb5cc9184fdfc77e76e82fcab7 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5OEMyOjI3NjEyNjoyNjE4RDk6MzFCM0FGOjZBNUIxQzg1IiwidmlzaXRvcl9pZCI6IjEzMjc2ODEyOTQ3MTM5NTM0MTMiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 9cfccd3e4f760401a9a56d2b7cb2586f26014ed5dd4594ec16a2f93389f44888 |
| hovercard-subject-tag | issue:1291481902 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/mridilla/JavaVulnerableLab/101/issue_layout |
| twitter:image | https://opengraph.githubassets.com/1233b444d40fc0922dc88ea02b0e2c0d38f216d76ecd71adab42864216a7dd9f/mridilla/JavaVulnerableLab/issues/101 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/1233b444d40fc0922dc88ea02b0e2c0d38f216d76ecd71adab42864216a7dd9f/mridilla/JavaVulnerableLab/issues/101 |
| og:image:alt | Stored_XSS issue exists @ adminlogin.jsp in branch master The application's changeCardDetails embeds untrusted data in the generated output with print, at line 52 of /src/main/webapp/changeCardDeta... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | mridilla |
| hostname | github.com |
| expected-hostname | github.com |
| None | 5290d7e14309ad1e76106a9c4237bd1041517e83ea182c8ab756752cb0c6940b |
| turbo-cache-control | no-preview |
| go-import | github.com/mridilla/JavaVulnerableLab git https://github.com/mridilla/JavaVulnerableLab.git |
| octolytics-dimension-user_id | 106341105 |
| octolytics-dimension-user_login | mridilla |
| octolytics-dimension-repository_id | 500864610 |
| octolytics-dimension-repository_nwo | mridilla/JavaVulnerableLab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | true |
| octolytics-dimension-repository_parent_id | 301707927 |
| octolytics-dimension-repository_parent_nwo | cx-maty-siman/JavaVulnerableLab |
| octolytics-dimension-repository_network_root_id | 301707927 |
| octolytics-dimension-repository_network_root_nwo | cx-maty-siman/JavaVulnerableLab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 9c975978430e9ad293956f2bbdaf153b1bd84a99 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width