Update README.md by juegge · Pull Request #209 · jvlstuff/JavaVulnerableLab

juegge · 2022-03-14T19:56:40Z

No description provided.

github-actions · 2022-03-14T19:57:16Z

Scan submitted to Checkmarx

github-actions · 2022-03-14T19:59:06Z

Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 296 vulnerabilities
128 High
142 Medium
26 Low
0 Info

Violation Summary

63 High
44 Medium

View more details on Checkmarx UI

Cx-SAST Details

Lines	Severity	Category	File	Link
44	Medium	Unchecked_Input_for_Loop_Condition	src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java	Checkmarx
54 56 57 58	Medium	SSRF	src/main/java/org/cysecurity/cspf/jvl/controller/Install.java	Checkmarx
64	Medium	Privacy_Violation	src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java	Checkmarx
50	Medium	Privacy_Violation	src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java	Checkmarx
15	Medium	Privacy_Violation	src/main/webapp/login.jsp	Checkmarx
26	Medium	Plaintext_Storage_of_a_Password	src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java	Checkmarx
1	Medium	Missing_HSTS_Header	src/main/webapp/admin/AddPage.jsp	Checkmarx
44	Medium	Improper_Restriction_of_XXE_Ref	src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java	Checkmarx
59 63 64	Medium	HttpOnlyCookies	src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java	Checkmarx
27	Medium	HttpOnlyCookies	src/main/webapp/admin/adminlogin.jsp	Checkmarx
33	Medium	CSRF	src/main/webapp/vulnerability/csrf/changepassword.jsp	Checkmarx
54 56 57 58 60 61	Medium	CSRF	src/main/java/org/cysecurity/cspf/jvl/controller/Install.java	Checkmarx
11 12	Medium	CSRF	src/main/webapp/admin/adminlogin.jsp	Checkmarx
37 38 39	Medium	CSRF	src/main/webapp/changeCardDetails.jsp	Checkmarx
42 43 44 45	Medium	CSRF	src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java	Checkmarx
26	Medium	CSRF	src/main/webapp/vulnerability/csrf/change-info.jsp	Checkmarx
43 44 45 46 47	Medium	CSRF	src/main/java/org/cysecurity/cspf/jvl/controller/Register.java	Checkmarx
27 28	Medium	CSRF	src/main/webapp/vulnerability/idor/change-email.jsp	Checkmarx
43 44	Medium	CSRF	src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java	Checkmarx
13	Medium	CSRF	src/main/webapp/admin/manageusers.jsp	Checkmarx
11	Medium	Absolute_Path_Traversal	src/main/webapp/vulnerability/idor/download.jsp	Checkmarx
35 36	High	XPath_Injection	src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java	Checkmarx
42	High	Stored_XSS	src/main/webapp/ForgotPassword.jsp	Checkmarx
14	High	Stored_XSS	src/main/webapp/vulnerability/forumposts.jsp	Checkmarx
52	High	Stored_XSS	src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java	Checkmarx
14	High	Stored_XSS	src/main/webapp/vulnerability/Messages.jsp	Checkmarx
43	High	Stored_XSS	src/main/webapp/vulnerability/sqli/download_id.jsp	Checkmarx
16	High	Stored_XSS	src/main/webapp/vulnerability/DisplayMessage.jsp	Checkmarx
43	High	Stored_XSS	src/main/webapp/vulnerability/sqli/download_id_union.jsp	Checkmarx
19	High	Stored_XSS	src/main/webapp/vulnerability/securitymisconfig/pages.jsp	Checkmarx
24	High	Stored_XSS	src/main/webapp/vulnerability/idor/download.jsp	Checkmarx
12	High	Stored_XSS	src/main/webapp/vulnerability/forumUsersList.jsp	Checkmarx
19	High	Stored_XSS	src/main/webapp/admin/manageusers.jsp	Checkmarx
13	High	Stored_XSS	src/main/webapp/vulnerability/UserDetails.jsp	Checkmarx
19	High	Stored_XSS	src/main/webapp/admin/adminlogin.jsp	Checkmarx
21 29	High	Stored_XSS	src/main/webapp/myprofile.jsp	Checkmarx
66	High	Stored_XSS	src/main/webapp/vulnerability/forum.jsp	Checkmarx
52	High	Second_Order_SQL_Injection	src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java	Checkmarx
19	High	Second_Order_SQL_Injection	src/main/webapp/admin/adminlogin.jsp	Checkmarx
8	High	SQL_Injection	src/main/webapp/vulnerability/UserDetails.jsp	Checkmarx
43 44 45 46 47	High	SQL_Injection	src/main/java/org/cysecurity/cspf/jvl/controller/Register.java	Checkmarx
11	High	SQL_Injection	src/main/webapp/admin/adminlogin.jsp	Checkmarx
33	High	SQL_Injection	src/main/webapp/vulnerability/csrf/changepassword.jsp	Checkmarx
16	High	SQL_Injection	src/main/webapp/vulnerability/DisplayMessage.jsp	Checkmarx
44	High	SQL_Injection	src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java	Checkmarx
27 28	High	SQL_Injection	src/main/webapp/vulnerability/idor/change-email.jsp	Checkmarx
43	High	SQL_Injection	src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java	Checkmarx
16	High	SQL_Injection	src/main/webapp/myprofile.jsp	Checkmarx
42	High	SQL_Injection	src/main/webapp/ForgotPassword.jsp	Checkmarx
58 60	High	SQL_Injection	src/main/java/org/cysecurity/cspf/jvl/controller/Install.java	Checkmarx
9	High	SQL_Injection	src/main/webapp/vulnerability/forumposts.jsp	Checkmarx
50	High	SQL_Injection	src/main/webapp/vulnerability/Injection/orm.jsp	Checkmarx
35 36	High	SQL_Injection	src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java	Checkmarx
13	High	SQL_Injection	src/main/webapp/admin/manageusers.jsp	Checkmarx
18	High	SQL_Injection	src/main/webapp/vulnerability/sqli/download_id.jsp	Checkmarx
43 44	High	SQL_Injection	src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java	Checkmarx
18	High	SQL_Injection	src/main/webapp/vulnerability/sqli/download_id_union.jsp	Checkmarx
26	High	SQL_Injection	src/main/webapp/vulnerability/csrf/change-info.jsp	Checkmarx
37 38 39	High	SQL_Injection	src/main/webapp/changeCardDetails.jsp	Checkmarx
39	High	Reflected_XSS_All_Clients	src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java	Checkmarx
44	High	Reflected_XSS_All_Clients	src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java	Checkmarx
9	High	Reflected_XSS_All_Clients	src/main/webapp/vulnerability/Injection/xpath_login.jsp	Checkmarx
16	High	Reflected_XSS_All_Clients	src/main/webapp/vulnerability/xss/search.jsp	Checkmarx
2	High	Reflected_XSS_All_Clients	src/main/webapp/vulnerability/xss/xss4.jsp	Checkmarx
8	High	Reflected_XSS_All_Clients	src/main/webapp/vulnerability/UserDetails.jsp	Checkmarx
7 26	High	Reflected_XSS_All_Clients	src/main/webapp/login.jsp	Checkmarx
11 18	High	Reflected_XSS_All_Clients	src/main/webapp/vulnerability/SendMessage.jsp	Checkmarx
54 58	High	Connection_String_Injection	src/main/java/org/cysecurity/cspf/jvl/controller/Install.java	Checkmarx
12 15	High	Client_DOM_Stored_XSS	src/main/webapp/vulnerability/Injection/xxe.jsp	Checkmarx

Update README.md

6ccdaf1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

Update README.md#209

Update README.md#209
juegge wants to merge 1 commit intomasterfrom
juegge-pr-dec-cust-demo

juegge commented Mar 14, 2022

Uh oh!

github-actions bot commented Mar 14, 2022

Uh oh!

github-actions bot commented Mar 14, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Comments

Conversation

juegge commented Mar 14, 2022

Uh oh!

github-actions bot commented Mar 14, 2022

Uh oh!

github-actions bot commented Mar 14, 2022

Cx-SAST Summary

Violation Summary

Cx-SAST Details

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant