cxflowgithub1's People
cxflowgithub1's Issues
CX SQL_Injection @ root/register.jsp [master]
SQL_Injection issue exists @ root/register.jsp in branch master
The application's stmt.executeQuery method executes an SQL query with executeQuery, at line 29 of root\register.jsp. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input ""password1""; this input is then read by the = method at line 7 of root\register.jsp. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Severity: High
CWE:89
basketId = cookie.getValue();
String password1 = (String) request.getParameter("password1");
Cookie[] cookies = request.getCookies();
CX Stored_XSS @ root/product.jsp [master]
Stored_XSS issue exists @ root/product.jsp in branch master
The application's out.println embeds untrusted data in the generated output with println, at line 49 of root\product.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 42 of root\product.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization.
This can enable a Stored Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
rs = stmt.executeQuery();
rs = stmt.executeQuery();
CX Stored_XSS @ root/contact.jsp [master]
Stored_XSS issue exists @ root/contact.jsp in branch master
The application's out.println embeds untrusted data in the generated output with println, at line 68 of root\contact.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 63 of root\contact.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization.
This can enable a Stored Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
Lines: 63
rs = stmt.executeQuery();
CX Stored_XSS @ root/admin.jsp [master]
Stored_XSS issue exists @ root/admin.jsp in branch master
The application's out.println embeds untrusted data in the generated output with println, at line 21 of root\admin.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 16 of root\admin.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization.
This can enable a Stored Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
rs = stmt.executeQuery();
rs = stmt.executeQuery();
CX Stored_XSS @ root/score.jsp [master]
Stored_XSS issue exists @ root/score.jsp in branch master
The application's out.println embeds untrusted data in the generated output with println, at line 19 of root\score.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 14 of root\score.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization.
This can enable a Stored Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
Lines: 14
rs = stmt.executeQuery();
CX Reflected_XSS_All_Clients @ root/login.jsp [master]
Reflected_XSS_All_Clients issue exists @ root/login.jsp in branch master
The application's out.println embeds untrusted data in the generated output with println, at line 78 of root\login.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input getCookies, which is read by the request.getCookies method at line 35 of root\login.jsp. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
Lines: 35
Cookie[] cookies = request.getCookies();
CX Stored_XSS @ root/basket.jsp [master]
Stored_XSS issue exists @ root/basket.jsp in branch master
The application's out.println embeds untrusted data in the generated output with println, at line 257 of root\basket.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 242 of root\basket.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization.
This can enable a Stored Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
Lines: 242
rs = stmt.executeQuery();
CX Reflected_XSS_All_Clients @ root/register.jsp [master]
Reflected_XSS_All_Clients issue exists @ root/register.jsp in branch master
The application's out.println embeds untrusted data in the generated output with println, at line 96 of root\register.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input getCookies, which is read by the request.getCookies method at line 46 of root\register.jsp. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
Lines: 46
Cookie[] cookies = request.getCookies();
CX Stored_XSS @ root/search.jsp [master]
Stored_XSS issue exists @ root/search.jsp in branch master
The application's %> embeds untrusted data in the generated output with output, at line 49 of root\search.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 34 of root\search.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization.
This can enable a Stored Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
Lines: 34
rs = stmt.executeQuery(sql);
CX SQL_Injection @ root/basket.jsp [master]
SQL_Injection issue exists @ root/basket.jsp in branch master
The application's stmt.executeQuery method executes an SQL query with executeQuery, at line 55 of root\basket.jsp. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input getValue; this input is then read by the cookie.getValue method at line 43 of root\basket.jsp. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Severity: High
CWE:89
Map params = request.getParameterMap();
String productId = request.getParameter("productid");
Cookie[] cookies = request.getCookies();
basketId = cookie.getValue();
CX SQL_Injection @ root/password.jsp [master]
SQL_Injection issue exists @ root/password.jsp in branch master
The application's stmt.executeQuery method executes an SQL query with executeQuery, at line 24 of root\password.jsp. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input ""password1""; this input is then read by the = method at line 10 of root\password.jsp. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Severity: High
CWE:89
Lines: 10
String password1 = (String) request.getParameter("password1");
CX Reflected_XSS_All_Clients @ root/basket.jsp [master]
Reflected_XSS_All_Clients issue exists @ root/basket.jsp in branch master
The application's out.println embeds untrusted data in the generated output with println, at line 141 of root\basket.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input getCookies, which is read by the request.getCookies method at line 38 of root\basket.jsp. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
Lines: 38
Cookie[] cookies = request.getCookies();
CX Stored_XSS @ root/header.jsp [master]
Stored_XSS issue exists @ root/header.jsp in branch master
The application's out.println embeds untrusted data in the generated output with println, at line 94 of root\header.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 91 of root\header.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization.
This can enable a Stored Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
Lines: 91
rs = stmt.executeQuery();
CX Reflected_XSS_All_Clients @ root/search.jsp [master]
Reflected_XSS_All_Clients issue exists @ root/search.jsp in branch master
The application's %><br/><br/> embeds untrusted data in the generated output with query, at line 18 of root\search.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input ""q"", which is read by the = method at line 10 of root\search.jsp. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
Lines: 10
String query = (String) request.getParameter("q");
CX Stored_XSS @ root/login.jsp [master]
Stored_XSS issue exists @ root/login.jsp in branch master
The application's value=""/> embeds untrusted data in the generated output with getAttribute, at line 89 of root\contact.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 15 of root\login.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization.
This can enable a Stored Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
Lines: 15
rs = stmt.executeQuery("SELECT * FROM Users WHERE (name = '" + username + "' AND password = '" + password + "')");
CX Reflected_XSS_All_Clients @ root/contact.jsp [master]
Reflected_XSS_All_Clients issue exists @ root/contact.jsp in branch master
The application's out.println embeds untrusted data in the generated output with println, at line 37 of root\contact.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input ""comments"", which is read by the = method at line 11 of root\contact.jsp. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
Lines: 11
String comments = (String) request.getParameter("comments");
CX SQL_Injection @ root/login.jsp [master]
SQL_Injection issue exists @ root/login.jsp in branch master
The application's stmt.executeQuery method executes an SQL query with executeQuery, at line 15 of root\login.jsp. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input ""password""; this input is then read by the = method at line 8 of root\login.jsp. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Severity: High
CWE:89
Cookie[] cookies = request.getCookies();
basketId = cookie.getValue();
String password = (String) request.getParameter("password");
CX Stored_XSS @ root/home.jsp [master]
Stored_XSS issue exists @ root/home.jsp in branch master
The application's out.println embeds untrusted data in the generated output with println, at line 31 of root\home.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 25 of root\home.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization.
This can enable a Stored Cross-Site Scripting (XSS) attack.
Severity: High
CWE:79
Lines: 25
rs = stmt.executeQuery();
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.