Title: Reflected_XSS_All_Clients @ login.jsp · Issue #97 · mridilla/JavaVulnerableLab · GitHub
Open Graph Title: Reflected_XSS_All_Clients @ login.jsp · Issue #97 · mridilla/JavaVulnerableLab
X Title: Reflected_XSS_All_Clients @ login.jsp · Issue #97 · mridilla/JavaVulnerableLab
Description: Reflected_XSS_All_Clients issue exists @ login.jsp in branch master The application's login embeds untrusted data in the generated output with password, at line 23 of /src/main/webapp/login.jsp. This untrusted data is embedded straight i...
Open Graph Description: Reflected_XSS_All_Clients issue exists @ login.jsp in branch master The application's login embeds untrusted data in the generated output with password, at line 23 of /src/main/webapp/login.jsp. Th...
X Description: Reflected_XSS_All_Clients issue exists @ login.jsp in branch master The application's login embeds untrusted data in the generated output with password, at line 23 of /src/main/webapp/login.jsp...
Opengraph URL: https://github.com/mridilla/JavaVulnerableLab/issues/97
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Reflected_XSS_All_Clients @ login.jsp","articleBody":"**Reflected\\_XSS\\_All\\_Clients** issue exists @ **login\\.jsp** in branch **master**\r\n\r\nThe application's login embeds untrusted data in the generated output with password, at line 23 of /src/main/webapp/login.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.\n\nThe attacker would be able to alter the returned web page by simply providing modified data in the user input getCookies, which is read by the login method at line 7 of /src/main/webapp/login.jsp. This input then flows through the code straight to the output web page, without sanitization. \r\n\r\nThis can enable a Reflected Cross-Site Scripting (XSS) attack.\r\n\r\n**Namespace:** mridilla\r\n**Repository:** JavaVulnerableLab\r\n**Repository Url:** https://github.com/mridilla/JavaVulnerableLab\r\n**CxAST\\-Project:** mridilla/JavaVulnerableLab\r\n**CxAST platform scan:** [e1fc43b6\\-0e4d\\-4a93\\-8009\\-8fe24d4a9091](https://ast.checkmarx.net/projects/188bd83b-3bc2-4f79-9ccc-90f764c20505/scans?id=e1fc43b6-0e4d-4a93-8009-8fe24d4a9091\u0026branch=master)\r\n**Branch:** master\r\n**Application:** JavaVulnerableLab\r\n**Severity:** HIGH\r\n**State:** TO_VERIFY\r\n**Status:** RECURRENT\r\n**CWE:** 79\r\n**Lines:** [7](https://github.com/mridilla/JavaVulnerableLab/blob/master/src/main/webapp/login.jsp#L7) [26](https://github.com/mridilla/JavaVulnerableLab/blob/master/src/main/webapp/login.jsp#L26) \r\n\r\n----\r\n**References**\r\n[Read more](https://ast.checkmarx.net/results/e1fc43b6-0e4d-4a93-8009-8fe24d4a9091/188bd83b-3bc2-4f79-9ccc-90f764c20505/sast/description/79/8481125285487743346)\r\n","author":{"url":"https://github.com/mridilla","@type":"Person","name":"mridilla"},"datePublished":"2022-07-01T14:26:24.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/97/JavaVulnerableLab/issues/97"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:273b974b-a567-b2c9-b6f7-5e52643bbc41 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | E7EA:282A80:53DF62:6F5F22:6A5B2E79 |
| html-safe-nonce | 5d8c2f834468be4e179a6b450ac3439581b8e29f24c89998c332bd5e97e346ce |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFN0VBOjI4MkE4MDo1M0RGNjI6NkY1RjIyOjZBNUIyRTc5IiwidmlzaXRvcl9pZCI6IjE0MTE3NTU5MTUxODgzMTc4MTgiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 89110bbe42f7af0dcd5114066e0dc9167d3ce127220753d62902f4a6e07b1d92 |
| hovercard-subject-tag | issue:1291481860 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/mridilla/JavaVulnerableLab/97/issue_layout |
| twitter:image | https://opengraph.githubassets.com/5a44e9409433cedccd86a9ab98ff4995cd538c9fe5a81044ec4558d9b1feadc9/mridilla/JavaVulnerableLab/issues/97 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/5a44e9409433cedccd86a9ab98ff4995cd538c9fe5a81044ec4558d9b1feadc9/mridilla/JavaVulnerableLab/issues/97 |
| og:image:alt | Reflected_XSS_All_Clients issue exists @ login.jsp in branch master The application's login embeds untrusted data in the generated output with password, at line 23 of /src/main/webapp/login.jsp. Th... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | mridilla |
| hostname | github.com |
| expected-hostname | github.com |
| None | 5290d7e14309ad1e76106a9c4237bd1041517e83ea182c8ab756752cb0c6940b |
| turbo-cache-control | no-preview |
| go-import | github.com/mridilla/JavaVulnerableLab git https://github.com/mridilla/JavaVulnerableLab.git |
| octolytics-dimension-user_id | 106341105 |
| octolytics-dimension-user_login | mridilla |
| octolytics-dimension-repository_id | 500864610 |
| octolytics-dimension-repository_nwo | mridilla/JavaVulnerableLab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | true |
| octolytics-dimension-repository_parent_id | 301707927 |
| octolytics-dimension-repository_parent_nwo | cx-maty-siman/JavaVulnerableLab |
| octolytics-dimension-repository_network_root_id | 301707927 |
| octolytics-dimension-repository_network_root_nwo | cx-maty-siman/JavaVulnerableLab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 9c975978430e9ad293956f2bbdaf153b1bd84a99 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width