
Update README.md#5

Open
cx-demo wants to merge 1 commit into master from ast-demo


@cx-demo cx-demo commented Sep 30, 2021

Owner

No description provided.


cx-demo commented Sep 30, 2021

Owner Author

Logo
Checkmarx AST - Scan Summary & Details - 2b405bbd-5998-4faf-945d-58a6bd8b4981

Violation Summary

HIGH: 49
MEDIUM: 40
LOW: 169
INFO: 3

CxAST Results

Severity Issue File Scan Engine
HIGH Reflected_XSS_All_Clients /src/main/webapp/admin/adminlogin.jsp: 58 CxSAST
HIGH Reflected_XSS_All_Clients /src/main/webapp/vulnerability/xss/search.jsp: 16 CxSAST
HIGH Reflected_XSS_All_Clients /src/main/webapp/vulnerability/Injection/xslt.jsp: 14 CxSAST
HIGH Reflected_XSS_All_Clients /src/main/webapp/vulnerability/UserDetails.jsp: 8 CxSAST
HIGH Reflected_XSS_All_Clients /src/main/webapp/vulnerability/SendMessage.jsp: 11, 18 CxSAST
HIGH Reflected_XSS_All_Clients /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 39 CxSAST
HIGH Reflected_XSS_All_Clients /src/main/webapp/vulnerability/Injection/xpath_login.jsp: 9 CxSAST
HIGH Reflected_XSS_All_Clients /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java: 44 CxSAST
HIGH Reflected_XSS_All_Clients /src/main/webapp/vulnerability/xss/xss4.jsp: 2, 2 CxSAST
HIGH Reflected_XSS_All_Clients /src/main/webapp/login.jsp: 7, 7, 26 CxSAST
HIGH SQL_Injection /src/main/webapp/vulnerability/csrf/change-info.jsp: 26 CxSAST
HIGH SQL_Injection /src/main/webapp/vulnerability/idor/change-email.jsp: 27, 28 CxSAST
HIGH SQL_Injection /src/main/webapp/vulnerability/forum.jsp: 41, 42, 43 CxSAST
HIGH SQL_Injection /src/main/webapp/ForgotPassword.jsp: 42, 42 CxSAST
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 35, 36 CxSAST
HIGH SQL_Injection /src/main/webapp/myprofile.jsp: 16, 16 CxSAST
HIGH SQL_Injection /src/main/webapp/vulnerability/Injection/orm.jsp: 50 CxSAST
HIGH SQL_Injection /src/main/webapp/vulnerability/DisplayMessage.jsp: 16 CxSAST
HIGH SQL_Injection /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 18 CxSAST
HIGH SQL_Injection /src/main/webapp/vulnerability/forumposts.jsp: 9 CxSAST
HIGH SQL_Injection /src/main/webapp/admin/adminlogin.jsp: 11, 11, 11, 11, 11 CxSAST
HIGH SQL_Injection /src/main/webapp/vulnerability/csrf/changepassword.jsp: 33 CxSAST
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java: 42 CxSAST
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43, 43, 43, 43, 43, 44, 44, 44, 44, 44 CxSAST
HIGH SQL_Injection /src/main/webapp/admin/manageusers.jsp: 13 CxSAST
HIGH SQL_Injection /src/main/webapp/changeCardDetails.jsp: 37, 38, 39 CxSAST
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java: 42 CxSAST
HIGH SQL_Injection /src/main/webapp/vulnerability/sqli/download_id.jsp: 18 CxSAST
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43, 43, 44, 45, 46, 47 CxSAST
HIGH SQL_Injection /src/main/webapp/vulnerability/UserDetails.jsp: 8 CxSAST
HIGH Second_Order_SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52, 52, 52, 52 CxSAST
HIGH Second_Order_SQL_Injection /src/main/webapp/admin/adminlogin.jsp: 19, 19, 19, 19 CxSAST
HIGH Stored_XSS /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52, 52 CxSAST
HIGH Stored_XSS /src/main/webapp/vulnerability/UserDetails.jsp: 13 CxSAST
HIGH Stored_XSS /src/main/webapp/admin/manageusers.jsp: 19 CxSAST
HIGH Stored_XSS /src/main/webapp/vulnerability/securitymisconfig/pages.jsp: 19, 19, 19 CxSAST
HIGH Stored_XSS /src/main/webapp/vulnerability/Messages.jsp: 14 CxSAST
HIGH Stored_XSS /src/main/webapp/vulnerability/Injection/orm.jsp: 12 CxSAST
HIGH Stored_XSS /src/main/webapp/vulnerability/idor/download.jsp: 24 CxSAST
HIGH Stored_XSS /src/main/webapp/admin/adminlogin.jsp: 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19 CxSAST
HIGH Stored_XSS /src/main/webapp/vulnerability/forumUsersList.jsp: 12 CxSAST
HIGH Stored_XSS /src/main/webapp/vulnerability/forum.jsp: 60, 60, 60 CxSAST
HIGH Stored_XSS /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 43 CxSAST
HIGH Stored_XSS /src/main/webapp/vulnerability/forumposts.jsp: 14, 14, 14 CxSAST
HIGH Stored_XSS /src/main/webapp/ForgotPassword.jsp: 42 CxSAST
HIGH Stored_XSS /src/main/webapp/myprofile.jsp: 21, 21, 21, 29, 29, 29 CxSAST
HIGH Stored_XSS /src/main/webapp/vulnerability/sqli/download_id.jsp: 43 CxSAST
HIGH Stored_XSS /src/main/webapp/vulnerability/DisplayMessage.jsp: 16, 16, 16 CxSAST
HIGH XPath_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 35, 36 CxSAST
MEDIUM Absolute_Path_Traversal /src/main/webapp/vulnerability/idor/download.jsp: 11 CxSAST
MEDIUM Download_of_Code_Without_Integrity_Check /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 111 CxSAST
MEDIUM External_Control_of_System_or_Config_Setting /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54, 55, 56, 57, 58, 59 CxSAST
MEDIUM External_Control_of_System_or_Config_Setting /src/main/webapp/vulnerability/baasm/SiteTitle.jsp: 32 CxSAST
MEDIUM External_Control_of_System_or_Config_Setting /src/main/webapp/admin/Configure.jsp: 21 CxSAST
MEDIUM HTTP_Response_Splitting /src/main/webapp/vulnerability/idor/download.jsp: 11 CxSAST
MEDIUM HTTP_Response_Splitting /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 18 CxSAST
MEDIUM HTTP_Response_Splitting /src/main/java/org/cysecurity/cspf/jvl/controller/Open.java: 36 CxSAST
MEDIUM HTTP_Response_Splitting /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43, 43, 43, 43, 44, 44, 44 CxSAST
MEDIUM HttpOnlyCookies /src/main/webapp/admin/adminlogin.jsp: 27 CxSAST
MEDIUM HttpOnlyCookies /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 59, 59, 59, 63, 63, 64 CxSAST
MEDIUM HttpOnlyCookies_In_Config /src/main/webapp/WEB-INF/web.xml: 0 CxSAST
MEDIUM Improper_Restriction_of_XXE_Ref /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java: 44 CxSAST
MEDIUM Input_Path_Not_Canonicalized /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 39 CxSAST
MEDIUM Input_Path_Not_Canonicalized /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 18, 18 CxSAST
MEDIUM Input_Path_Not_Canonicalized /src/main/webapp/vulnerability/idor/download.jsp: 11, 11 CxSAST
MEDIUM Input_Path_Not_Canonicalized /src/main/webapp/vulnerability/sqli/download_id.jsp: 18, 18 CxSAST
MEDIUM Missing_HSTS_Header /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 55 CxSAST
MEDIUM Plaintext_Storage_of_a_Password /src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java: 26 CxSAST
MEDIUM Privacy_Violation /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 50, 50, 50, 50, 50 CxSAST
MEDIUM Privacy_Violation /src/main/webapp/login.jsp: 15 CxSAST
MEDIUM Privacy_Violation /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 64 CxSAST
MEDIUM Trust_Boundary_Violation /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 35, 36 CxSAST
MEDIUM Trust_Boundary_Violation /src/main/webapp/admin/adminlogin.jsp: 11, 11, 11, 11 CxSAST
MEDIUM Trust_Boundary_Violation /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43, 43, 43, 44, 44, 44 CxSAST
MEDIUM Unchecked_Input_for_Loop_Condition /src/main/webapp/vulnerability/idor/download.jsp: 11 CxSAST
MEDIUM Unchecked_Input_for_Loop_Condition /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java: 44 CxSAST
MEDIUM Use_of_a_One_Way_Hash_with_a_Predictable_Salt /src/main/webapp/admin/adminlogin.jsp: 12 CxSAST
MEDIUM Use_of_a_One_Way_Hash_with_a_Predictable_Salt /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 61 CxSAST
MEDIUM XSRF /src/main/webapp/vulnerability/csrf/change-info.jsp: 26 CxSAST
MEDIUM XSRF /src/main/webapp/vulnerability/idor/change-email.jsp: 27, 28 CxSAST
MEDIUM XSRF /src/main/webapp/admin/adminlogin.jsp: 11, 11, 11 CxSAST
MEDIUM XSRF /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, 58, 58, 58, 58, 58, 58, 58, 58, 58, 58, 58, 58, 58, 58, 58, 58, 58, 58, 58, 58, 60 CxSAST
MEDIUM XSRF /src/main/webapp/vulnerability/csrf/changepassword.jsp: 33 CxSAST
MEDIUM XSRF /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43, 43, 43, 44, 44, 44 CxSAST
MEDIUM XSRF /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43, 43, 44, 45, 46, 47 CxSAST
MEDIUM XSRF /src/main/webapp/admin/manageusers.jsp: 13 CxSAST
MEDIUM XSRF /src/main/webapp/changeCardDetails.jsp: 37, 38, 39 CxSAST
MEDIUM XSRF /src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 42, 43, 44, 45 CxSAST
MEDIUM XSRF /src/main/webapp/vulnerability/forum.jsp: 41, 42, 43 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/vulnerability/DisplayMessage.jsp: 16 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/vulnerability/forumposts.jsp: 9 CxSAST
LOW Blind_SQL_Injections /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43, 43, 44, 45, 46, 47 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 18 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/admin/adminlogin.jsp: 11 CxSAST
LOW Blind_SQL_Injections /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 35, 36 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/vulnerability/UserDetails.jsp: 8 CxSAST
LOW Blind_SQL_Injections /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java: 42 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/vulnerability/idor/change-email.jsp: 27, 28 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/changeCardDetails.jsp: 37, 38, 39 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/vulnerability/csrf/change-info.jsp: 26 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/vulnerability/sqli/download_id.jsp: 18 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/vulnerability/forum.jsp: 41, 42, 43 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/myprofile.jsp: 16, 16 CxSAST
LOW Blind_SQL_Injections /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java: 42 CxSAST
LOW Blind_SQL_Injections /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43, 44 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/ForgotPassword.jsp: 42, 42 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/admin/manageusers.jsp: 13 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/vulnerability/Injection/orm.jsp: 50 CxSAST
LOW Blind_SQL_Injections /src/main/webapp/vulnerability/csrf/changepassword.jsp: 33 CxSAST
LOW Creation_of_Temp_File_in_Dir_with_Incorrect_Permissions /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 45 CxSAST
LOW Cross_Site_History_Manipulation /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 55 CxSAST
LOW Cross_Site_History_Manipulation /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 54 CxSAST
LOW Cross_Site_History_Manipulation /src/main/java/org/cysecurity/cspf/jvl/controller/Open.java: 37 CxSAST
LOW Cross_Site_History_Manipulation /src/main/java/org/cysecurity/cspf/jvl/controller/ForwardMe.java: 37 CxSAST
LOW Cross_Site_History_Manipulation /src/main/webapp/admin/index.jsp: 3 CxSAST
LOW Cross_Site_History_Manipulation /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 53 CxSAST
LOW Cross_Site_History_Manipulation /src/main/webapp/admin/adminlogin.jsp: 8, 20 CxSAST
LOW Cross_Site_History_Manipulation /src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 46 CxSAST
LOW Data_Leak_Between_Sessions /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 30, 31, 32, 33, 34, 35, 36, 37 CxSAST
LOW Heap_Inspection /src/main/webapp/login.jsp: 6 CxSAST
LOW Heap_Inspection /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36 CxSAST
LOW Heap_Inspection /src/main/webapp/vulnerability/csrf/changepassword.jsp: 33 CxSAST
LOW Heap_Inspection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44, 64 CxSAST
LOW Heap_Inspection /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 44 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/vulnerability/idor/change-email.jsp: 32 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/vulnerability/idor/download.jsp: 17, 24, 26 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/header.jsp: 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/admin/manageusers.jsp: 14, 19, 20, 22, 22 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/vulnerability/forumUsersList.jsp: 12, 15, 18, 18 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/vulnerability/forum.jsp: 48, 60, 62, 65, 65, 67, 69, 69, 73 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/vulnerability/csrf/change-info.jsp: 31 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/vulnerability/UserDetails.jsp: 13, 14, 16, 16 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/vulnerability/DisplayMessage.jsp: 16, 17, 19, 20, 21 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/vulnerability/forumposts.jsp: 14, 15, 17, 18, 19 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/ForgotPassword.jsp: 42, 43, 44, 44 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/myprofile.jsp: 21, 22, 24, 25, 26, 29, 30, 33, 34, 35 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/vulnerability/csrf/changepassword.jsp: 40 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/vulnerability/baasm/SiteTitle.jsp: 31, 34 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/vulnerability/Messages.jsp: 14, 17, 19, 19 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/vulnerability/Injection/orm.jsp: 11, 12 CxSAST
LOW Improper_Exception_Handling /src/main/webapp/admin/Configure.jsp: 20, 23 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/idor/download.jsp: 17, 24, 24, 24 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/Messages.jsp: 14 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/UserDetails.jsp: 13 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/Injection/orm.jsp: 11, 12 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/csrf/change-info.jsp: 31 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/securitymisconfig/pages.jsp: 19 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/idor/change-email.jsp: 32 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/sqli/download_id.jsp: 24, 36, 43, 43, 43 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java: 48 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/DisplayMessage.jsp: 16 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 117, 119, 126, 127, 128, 129, 130, 131, 132, 135, 136, 137, 138, 139, 142, 143, 144, 147, 148, 151, 152, 153, 157, 158, 159, 160, 163, 164, 165 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 54 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/changeCardDetails.jsp: 43 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/csrf/changepassword.jsp: 40 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/ForgotPassword.jsp: 42 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/forumUsersList.jsp: 12 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/admin/adminlogin.jsp: 19 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java: 48 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/myprofile.jsp: 21, 29 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/forum.jsp: 48, 60 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 50, 53 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 24, 36, 43, 43, 43 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/admin/manageusers.jsp: 14, 19 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 58, 59 CxSAST
LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/forumposts.jsp: 14 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/Messages.jsp: 9 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/idor/download.jsp: 22 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/securitymisconfig/pages.jsp: 10 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/admin/manageusers.jsp: 9 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/UserDetails.jsp: 7 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/admin/adminlogin.jsp: 10 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/idor/change-email.jsp: 25 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/csrf/change-info.jsp: 24 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 41 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 72, 112, 121 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/sqli/download_id.jsp: 21, 41 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/changeCardDetails.jsp: 27 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java: 41 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 42 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/myprofile.jsp: 14 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/baasm/SiteTitle.jsp: 33 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/DisplayMessage.jsp: 9 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/forum.jsp: 21 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/forumposts.jsp: 7 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 21, 41 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/admin/Configure.jsp: 22 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/forumUsersList.jsp: 7 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/csrf/changepassword.jsp: 28 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 47 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java: 35 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/ForgotPassword.jsp: 39 CxSAST
LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java: 41 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/webapp/vulnerability/idor/download.jsp: 12 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 33 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/ForwardMe.java: 35 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java: 39 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/webapp/vulnerability/sqli/download_id.jsp: 31 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 40 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 72, 79 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java: 41 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 41 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/Open.java: 35 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 31 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java: 39 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/Logout.java: 36 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/webapp/admin/Configure.jsp: 22 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/webapp/vulnerability/baasm/SiteTitle.jsp: 33 CxSAST
LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 37, 45 CxSAST
LOW Information_Exposure_Through_Query_String /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 44, 44, 47 CxSAST
LOW Information_Exposure_Through_Query_String /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36, 36 CxSAST
LOW Information_Exposure_Through_Query_String /src/main/webapp/vulnerability/csrf/changepassword.jsp: 33, 33, 34 CxSAST
LOW Information_Exposure_Through_Query_String /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44, 44 CxSAST
LOW Information_Exposure_Through_Query_String /src/main/webapp/admin/adminlogin.jsp: 12 CxSAST
LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 69, 69, 69 CxSAST
LOW Information_Exposure_Through_an_Error_Message /src/main/webapp/changeCardDetails.jsp: 55 CxSAST
LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 67 CxSAST
LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java: 60 CxSAST
LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 172, 172, 172, 178 CxSAST
LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 68 CxSAST
LOW Information_Exposure_Through_an_Error_Message /src/main/webapp/vulnerability/Injection/orm.jsp: 53 CxSAST
LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java: 60 CxSAST
LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java: 58 CxSAST
LOW Information_Exposure_Through_an_Error_Message /src/main/webapp/vulnerability/securitymisconfig/pages.jsp: 32 CxSAST
LOW Information_Leak_Through_Shell_Error_Message /src/main/webapp/vulnerability/baasm/URLRewriting.jsp: 4 CxSAST
LOW Missing_Content_Security_Policy /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 36 CxSAST
LOW Missing_X_Frame_Options /src/main/webapp/WEB-INF/web.xml: 5 CxSAST
LOW Open_Redirect /src/main/java/org/cysecurity/cspf/jvl/controller/Open.java: 36 CxSAST
LOW Open_Redirect /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43, 43, 44, 44 CxSAST
LOW Plaintext_Storage_in_a_Cookie /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43, 44 CxSAST
LOW Potential_Clickjacking_on_Legacy_Browsers /src/main/webapp/ForgotPassword.jsp: 1 CxSAST
LOW Race_Condition /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54, 55, 56, 57, 58, 59, 60, 61 CxSAST
LOW Relative_Path_Traversal /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 18, 18 CxSAST
LOW Relative_Path_Traversal /src/main/webapp/vulnerability/sqli/download_id.jsp: 18, 18 CxSAST
LOW Relative_Path_Traversal /src/main/java/org/cysecurity/cspf/jvl/controller/ForwardMe.java: 39 CxSAST
LOW Relative_Path_Traversal /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 39 CxSAST
LOW Relative_Path_Traversal /src/main/webapp/vulnerability/idor/download.jsp: 11 CxSAST
LOW Reliance_on_Cookies_in_a_Decision /src/main/webapp/login.jsp: 7, 7 CxSAST
LOW Reliance_on_Cookies_in_a_Decision /src/main/webapp/vulnerability/baasm/SiteTitle.jsp: 7, 7 CxSAST
LOW Reversible_One_Way_Hash /src/main/java/org/cysecurity/cspf/jvl/model/HashMe.java: 16 CxSAST
LOW Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 60, 65, 66 CxSAST
LOW Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute /src/main/webapp/admin/adminlogin.jsp: 29 CxSAST
LOW Stored_Absolute_Path_Traversal /src/main/webapp/vulnerability/sqli/download_id.jsp: 29 CxSAST
LOW Stored_Absolute_Path_Traversal /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 29 CxSAST
LOW Stored_Boundary_Violation /src/main/webapp/admin/adminlogin.jsp: 19, 19, 19, 19 CxSAST
LOW Stored_Boundary_Violation /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52, 52, 52 CxSAST
LOW Stored_HTTP_Response_Splitting /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 24 CxSAST
LOW Stored_Relative_Path_Traversal /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 24 CxSAST
LOW Stored_Relative_Path_Traversal /src/main/webapp/vulnerability/sqli/download_id.jsp: 24 CxSAST
LOW Suspected_XSS /src/main/webapp/vulnerability/Messages.jsp: 14 CxSAST
LOW Suspected_XSS /src/main/webapp/changeCardDetails.jsp: 29 CxSAST
LOW Suspected_XSS /src/main/webapp/vulnerability/csrf/change-info.jsp: 27 CxSAST
LOW TruffleHog_HighEntropy_Strings /src/main/webapp/vulnerability/xss/flash/exss.jsp: 4 CxSAST
LOW Unrestricted_File_Upload /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java: 38 CxSAST
LOW Unsynchronized_Access_To_Shared_Data /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54, 54, 54, 54, 54, 55, 55, 55, 55, 56, 56, 56, 56, 56, 57, 57, 57, 57, 57, 58, 58, 58, 58, 58, 58, 59, 59, 59, 60, 60, 60, 61, 66, 67, 68, 69, 70, 71, 111, 112, 112, 112, 117, 119, 121, 121, 121, 121, 127, 127 CxSAST
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /src/main/java/org/cysecurity/cspf/jvl/model/HashMe.java: 16 CxSAST
LOW Use_of_Non_Cryptographic_Random /src/main/webapp/vulnerability/sqli/download_id.jsp: 38 CxSAST
INFO Portability_Flaw_In_File_Separator /src/main/webapp/vulnerability/idor/download.jsp: 13 CxSAST
INFO Portability_Flaw_In_File_Separator /src/main/webapp/WEB-INF/config.properties: 8, 8, 8, 8, 8, 8 CxSAST
INFO Portability_Flaw_In_File_Separator /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 44 CxSAST
