CSRF issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java in branch refs/heads/master

Method processRequest at line 43 of src\main\java\org\cysecurity\cspf\jvl\controller\LoginValidator.java gets a parameter from a user request from ""username"". This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).

Severity: Medium

CWE:352

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 43 44

Code (Line #43):

       String user=request.getParameter("username").trim();

Code (Line #44):

          String pass=request.getParameter("password").trim();