cxsean / cxflowgithub1 Goto Github PK

SQL_Injection issue exists @ root/register.jsp in branch master

The application's stmt.executeQuery method executes an SQL query with executeQuery, at line 29 of root\register.jsp. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input ""password1""; this input is then read by the = method at line 7 of root\register.jsp. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Checkmarx

Lines: 51 7 46

Code (Line #51):

						basketId = cookie.getValue();

Code (Line #7):

String password1 = (String) request.getParameter("password1");

Code (Line #46):

			Cookie[] cookies = request.getCookies();

Stored_XSS issue exists @ root/product.jsp in branch master

The application's out.println embeds untrusted data in the generated output with println, at line 49 of root\product.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 42 of root\product.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 42 59

Code (Line #42):

			rs = stmt.executeQuery();

Code (Line #59):

			rs = stmt.executeQuery();

Stored_XSS issue exists @ root/contact.jsp in branch master

The application's out.println embeds untrusted data in the generated output with println, at line 68 of root\contact.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 63 of root\contact.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 63

Code (Line #63):

		rs = stmt.executeQuery();

Stored_XSS issue exists @ root/admin.jsp in branch master

The application's out.println embeds untrusted data in the generated output with println, at line 21 of root\admin.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 16 of root\admin.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 16 28

Code (Line #16):

		rs = stmt.executeQuery();

Code (Line #28):

		rs = stmt.executeQuery();

Stored_XSS issue exists @ root/score.jsp in branch master

The application's out.println embeds untrusted data in the generated output with println, at line 19 of root\score.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 14 of root\score.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 14

Code (Line #14):

			rs = stmt.executeQuery();

Reflected_XSS_All_Clients issue exists @ root/login.jsp in branch master

The application's out.println embeds untrusted data in the generated output with println, at line 78 of root\login.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input getCookies, which is read by the request.getCookies method at line 35 of root\login.jsp. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 35

Code (Line #35):

			Cookie[] cookies = request.getCookies();

Stored_XSS issue exists @ root/basket.jsp in branch master

The application's out.println embeds untrusted data in the generated output with println, at line 257 of root\basket.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 242 of root\basket.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 242

Code (Line #242):

		rs = stmt.executeQuery();

Reflected_XSS_All_Clients issue exists @ root/register.jsp in branch master

The application's out.println embeds untrusted data in the generated output with println, at line 96 of root\register.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input getCookies, which is read by the request.getCookies method at line 46 of root\register.jsp. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 46

Code (Line #46):

			Cookie[] cookies = request.getCookies();

Stored_XSS issue exists @ root/search.jsp in branch master

The application's %> embeds untrusted data in the generated output with output, at line 49 of root\search.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 34 of root\search.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 34

Code (Line #34):

		rs = stmt.executeQuery(sql);

SQL_Injection issue exists @ root/basket.jsp in branch master

The application's stmt.executeQuery method executes an SQL query with executeQuery, at line 55 of root\basket.jsp. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input getValue; this input is then read by the cookie.getValue method at line 43 of root\basket.jsp. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Checkmarx

Lines: 212 148 38 43

Code (Line #212):

		Map params = request.getParameterMap();

Code (Line #148):

	String productId = request.getParameter("productid");

Code (Line #38):

	Cookie[] cookies = request.getCookies();

Code (Line #43):

				basketId = cookie.getValue();

SQL_Injection issue exists @ root/password.jsp in branch master

The application's stmt.executeQuery method executes an SQL query with executeQuery, at line 24 of root\password.jsp. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input ""password1""; this input is then read by the = method at line 10 of root\password.jsp. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Checkmarx

Lines: 10

Code (Line #10):

String password1 = (String) request.getParameter("password1");

Reflected_XSS_All_Clients issue exists @ root/basket.jsp in branch master

The application's out.println embeds untrusted data in the generated output with println, at line 141 of root\basket.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input getCookies, which is read by the request.getCookies method at line 38 of root\basket.jsp. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 38

Code (Line #38):

	Cookie[] cookies = request.getCookies();

Stored_XSS issue exists @ root/header.jsp in branch master

The application's out.println embeds untrusted data in the generated output with println, at line 94 of root\header.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 91 of root\header.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 91

Code (Line #91):

		rs = stmt.executeQuery();

Reflected_XSS_All_Clients issue exists @ root/search.jsp in branch master

The application's %><br/><br/> embeds untrusted data in the generated output with query, at line 18 of root\search.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input ""q"", which is read by the = method at line 10 of root\search.jsp. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 10

Code (Line #10):

String query = (String) request.getParameter("q");

Stored_XSS issue exists @ root/login.jsp in branch master

The application's value=""/> embeds untrusted data in the generated output with getAttribute, at line 89 of root\contact.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 15 of root\login.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 15

Code (Line #15):

		rs = stmt.executeQuery("SELECT * FROM Users WHERE (name = '" + username + "' AND password = '" + password + "')");

Reflected_XSS_All_Clients issue exists @ root/contact.jsp in branch master

The application's out.println embeds untrusted data in the generated output with println, at line 37 of root\contact.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input ""comments"", which is read by the = method at line 11 of root\contact.jsp. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 11

Code (Line #11):

String comments = (String) request.getParameter("comments");

SQL_Injection issue exists @ root/login.jsp in branch master

The application's stmt.executeQuery method executes an SQL query with executeQuery, at line 15 of root\login.jsp. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input ""password""; this input is then read by the = method at line 8 of root\login.jsp. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Checkmarx

Lines: 35 40 8

Code (Line #35):

			Cookie[] cookies = request.getCookies();

Code (Line #40):

						basketId = cookie.getValue();

Code (Line #8):

String password = (String) request.getParameter("password");

Stored_XSS issue exists @ root/home.jsp in branch master

The application's out.println embeds untrusted data in the generated output with println, at line 31 of root\home.jsp. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the stmt.executeQuery method with executeQuery, at line 25 of root\home.jsp. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 25

Code (Line #25):

			rs = stmt.executeQuery();