  1. Red Hat Data Grid
  2. JDG-6909

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


    • Type: Bug
    • Resolution: Not a Bug
    • Priority: Major
    • None
    • RHDG 8.4.x CD
    • JDG Quickstarts
    • None
    • False
    • None
    • False

       

      Error: SNYK_CODE_WARNING (CWE-79):

      [#def1]

      integrations/spring-boot/session-embedded/src/main/java/org/infinispan/tutorial/simple/spring/session/UserSessionsController.java:46:16: error[java/XSS]: Unsanitized input from the request URL flows into here, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).

      #   44|       }
      #   45|       MapSession mapSession = (MapSession) simpleValueWrapper.get();
      #   46|->     return "Latest " + mapSession.getAttribute(LATEST_SESSION_VALUE);
      #   47|    }
      #   48| }

            pminz@redhat.com Priyanka Minz