Update README.md #13

Open
cx-demo wants to merge 1 commit into master from cx-demo-patch-3
Owner

cx-demo commented Nov 22, 2021

No description provided.

Owner Author

cx-demo commented Nov 22, 2021

Checkmarx AST - Scan Summary & Details - 65cffffe-2291-4e71-af2b-166c5b639dc9

CxAST Violation Summary

64 HIGH
20 MEDIUM
12 LOW

CxAST Results

| Severity | Issue | File / Package | Scan Engine |
|---|---|---|---|
| HIGH | CVE-2015-2575 | Maven-mysql:mysql-connector-java-5.1.25 | CxSCA |
| HIGH | CVE-2017-3523 | Maven-mysql:mysql-connector-java-5.1.25 | CxSCA |
| HIGH | CVE-2018-1000632 | Maven-dom4j:dom4j-1.6.1 | CxSCA |
| HIGH | CVE-2018-3258 | Maven-mysql:mysql-connector-java-5.1.25 | CxSCA |
| HIGH | CVE-2020-10683 | Maven-dom4j:dom4j-1.6.1 | CxSCA |
| HIGH | CVE-2020-25638 | Maven-org.hibernate:hibernate-core-4.0.1.Final | CxSCA |
| HIGH | Cx039cb67c-ead3 | Maven-mysql:mysql-connector-java-5.1.25 | CxSCA |
| HIGH | Cx08fcacc9-cb99 | Maven-org.json:json-20090211 | CxSCA |
| HIGH | Cx2906ba70-607a | Maven-org.json:json-20090211 | CxSCA |
| HIGH | Cx6a5f7948-7054 | Maven-commons-collections:commons-collections-3.1 | CxSCA |
| HIGH | Cx6f651376-312a | Maven-mysql:mysql-connector-java-5.1.25 | CxSCA |
| HIGH | Cx78f40514-81ff | Maven-commons-collections:commons-collections-3.1 | CxSCA |
| HIGH | Cx7ef609d2-efb5 | Maven-mysql:mysql-connector-java-5.1.25 | CxSCA |
| HIGH | Cxdb5a1032-eda2 | Maven-org.json:json-20090211 | CxSCA |
| HIGH | Missing User Instruction | /Dockerfile: 1 | CxKICS |
| HIGH | Passwords And Secrets - Generic Password | /docker-compose.yml: 11 | CxKICS |
| HIGH | Reflected_XSS_All_Clients | /src/main/webapp/vulnerability/SendMessage.jsp: 11, 18 | CxSAST |
| HIGH | Reflected_XSS_All_Clients | /src/main/webapp/admin/adminlogin.jsp: 58 | CxSAST |
| HIGH | Reflected_XSS_All_Clients | /src/main/webapp/vulnerability/Injection/xpath_login.jsp: 9 | CxSAST |
| HIGH | Reflected_XSS_All_Clients | /src/main/webapp/vulnerability/Injection/xslt.jsp: 14 | CxSAST |
| HIGH | Reflected_XSS_All_Clients | /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java: 44 | CxSAST |
| HIGH | Reflected_XSS_All_Clients | /src/main/webapp/vulnerability/xss/xss4.jsp: 2 | CxSAST |
| HIGH | Reflected_XSS_All_Clients | /src/main/webapp/login.jsp: 7, 26 | CxSAST |
| HIGH | Reflected_XSS_All_Clients | /src/main/webapp/vulnerability/UserDetails.jsp: 8 | CxSAST |
| HIGH | Reflected_XSS_All_Clients | /src/main/webapp/vulnerability/xss/search.jsp: 16 | CxSAST |
| HIGH | Reflected_XSS_All_Clients | /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 39 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/changeCardDetails.jsp: 37, 38, 39 | CxSAST |
| HIGH | SQL_Injection | /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java: 42 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 18 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/vulnerability/forumposts.jsp: 9 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/vulnerability/csrf/change-info.jsp: 26 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/vulnerability/idor/change-email.jsp: 27, 28 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/admin/adminlogin.jsp: 11 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/vulnerability/forum.jsp: 41, 42, 43 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/vulnerability/Injection/orm.jsp: 50 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/vulnerability/sqli/download_id.jsp: 18 | CxSAST |
| HIGH | SQL_Injection | /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43, 44, 45, 46, 47 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/ForgotPassword.jsp: 42 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/vulnerability/csrf/changepassword.jsp: 33 | CxSAST |
| HIGH | SQL_Injection | /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java: 42 | CxSAST |
| HIGH | SQL_Injection | /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 35, 36 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/vulnerability/UserDetails.jsp: 8 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/admin/manageusers.jsp: 13 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/myprofile.jsp: 16 | CxSAST |
| HIGH | SQL_Injection | /src/main/webapp/vulnerability/DisplayMessage.jsp: 16 | CxSAST |
| HIGH | Second_Order_SQL_Injection | /src/main/webapp/admin/adminlogin.jsp: 19 | CxSAST |
| HIGH | Second_Order_SQL_Injection | /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 61 | CxSAST |
| HIGH | Stored_XSS | /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 61 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/vulnerability/UserDetails.jsp: 13 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/admin/manageusers.jsp: 19 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/vulnerability/securitymisconfig/pages.jsp: 19 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/ForgotPassword.jsp: 42 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/vulnerability/DisplayMessage.jsp: 16 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/myprofile.jsp: 21, 29 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/vulnerability/Messages.jsp: 14 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/vulnerability/idor/download.jsp: 24 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/admin/adminlogin.jsp: 19 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/vulnerability/forumUsersList.jsp: 12 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/vulnerability/forum.jsp: 60 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/vulnerability/sqli/download_id_union.jsp: 43 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/vulnerability/sqli/download_id.jsp: 43 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/vulnerability/forumposts.jsp: 14 | CxSAST |
| HIGH | Stored_XSS | /src/main/webapp/vulnerability/Injection/orm.jsp: 12 | CxSAST |
| HIGH | XPath_Injection | /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 35, 36 | CxSAST |
| MEDIUM | Absolute_Path_Traversal | /src/main/webapp/vulnerability/idor/download.jsp: 11 | CxSAST |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | CxKICS |
| MEDIUM | CVE-2017-3586 | Maven-mysql:mysql-connector-java-5.1.25 | CxSCA |
| MEDIUM | CVE-2019-14900 | Maven-org.hibernate:hibernate-core-4.0.1.Final | CxSCA |
| MEDIUM | CVE-2019-2692 | Maven-mysql:mysql-connector-java-5.1.25 | CxSCA |
| MEDIUM | CVE-2020-2875 | Maven-mysql:mysql-connector-java-5.1.25 | CxSCA |
| MEDIUM | CVE-2020-2934 | Maven-mysql:mysql-connector-java-5.1.25 | CxSCA |
| MEDIUM | HttpOnlyCookies | /src/main/webapp/admin/adminlogin.jsp: 27 | CxSAST |
| MEDIUM | HttpOnlyCookies | /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 69, 73, 74 | CxSAST |
| MEDIUM | Image Version Not Explicit | /Dockerfile: 1 | CxKICS |
| MEDIUM | Improper_Restriction_of_XXE_Ref | /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java: 44 | CxSAST |
| MEDIUM | Missing_HSTS_Header | /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 55 | CxSAST |
| MEDIUM | Plaintext_Storage_of_a_Password | /src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java: 26 | CxSAST |
| MEDIUM | Privacy_Violation | /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 50 | CxSAST |
| MEDIUM | Privacy_Violation | /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 74 | CxSAST |
| MEDIUM | Privacy_Violation | /src/main/webapp/login.jsp: 15 | CxSAST |
| MEDIUM | Unchecked_Input_for_Loop_Condition | /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java: 44 | CxSAST |
| MEDIUM | Unchecked_Input_for_Loop_Condition | /src/main/webapp/vulnerability/idor/download.jsp: 11 | CxSAST |
| MEDIUM | Use_of_a_One_Way_Hash_with_a_Predictable_Salt | /src/main/webapp/admin/adminlogin.jsp: 12 | CxSAST |
| MEDIUM | Use_of_a_One_Way_Hash_with_a_Predictable_Salt | /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 61 | CxSAST |
| LOW | CVE-2017-3589 | Maven-mysql:mysql-connector-java-5.1.25 | CxSCA |
| LOW | CVE-2020-2933 | Maven-mysql:mysql-connector-java-5.1.25 | CxSCA |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 | CxKICS |
| LOW | Heap_Inspection | /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 44 | CxSAST |
| LOW | Heap_Inspection | /src/main/webapp/vulnerability/csrf/changepassword.jsp: 33 | CxSAST |
| LOW | Heap_Inspection | /src/main/webapp/login.jsp: 6 | CxSAST |
| LOW | Heap_Inspection | /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36 | CxSAST |
| LOW | Heap_Inspection | /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44, 74 | CxSAST |
| LOW | Open_Redirect | /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43, 44 | CxSAST |
| LOW | Open_Redirect | /src/main/java/org/cysecurity/cspf/jvl/controller/Open.java: 36 | CxSAST |
| LOW | Password_In_Comment | /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 53 | CxSAST |
| LOW | Use_of_Broken_or_Risky_Cryptographic_Algorithm | /src/main/java/org/cysecurity/cspf/jvl/model/HashMe.java: 16 | CxSAST |
